agent-reach
Fail
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of the
subprocessmodule to execute external command-line utilities. This includes runningyt-dlpfor media extraction,ghfor GitHub interactions, andmcporterfor MCP server communication. Incli.py, it specifically usesshell=Trueto run installation commands for system packages. - [EXTERNAL_DOWNLOADS]: The installation and setup routines download and execute scripts from external sources. It fetches Node.js installation scripts from NodeSource and the
fnminstaller from Vercel's domain. It also uses package managers likenpmandpipto install various dependencies from public registries. - [DATA_EXFILTRATION]: The skill includes functionality in
cookie_extract.pyto search for and extract session cookies (such asauth_tokenandct0for Twitter/X) from local browser databases (Chrome, Firefox, Edge, etc.) using thebrowser-cookie3library. While this is a documented feature for providing the agent with browser-level access, it involves handling highly sensitive personal data. - [PROMPT_INJECTION]: The skill functions as an aggregator of untrusted data from the internet (web pages, RSS feeds, social media posts, and video transcripts).
- Ingestion points: Content is fetched in
agent_reach/channels/web.py,reddit.py,twitter.py, andyoutube.py. - Boundary markers: The skill does not implement delimiters or 'ignore' instructions when returning internet content to the agent.
- Capability inventory: The skill has access to significant system capabilities via
subprocess.runacross multiple platform channels. - Sanitization: There is no evidence of content sanitization or filtering before the data is processed by the AI, presenting a surface for indirect prompt injection.
Recommendations
- HIGH: Downloads and executes remote code from: https://fnm.vercel.app/install, https://deb.nodesource.com/setup_22.x, http://localhost:18060/ - DO NOT USE without thorough review
Audit Metadata