Skills
skills/varnan-tech/opendirectory/reddit-icp-monitor/Gen Agent Trust Hub

reddit-icp-monitor

Warn

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes python3 -c to URL-encode search phrases within a shell subshell in Step 3. The {PHRASE} placeholder is interpolated directly into a Python command string. If a search phrase stored in docs/icp.md contains double quotes or other shell-sensitive characters, it could lead to arbitrary Python code execution within the shell environment when the command is constructed and executed by the agent.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves untrusted content (post titles and bodies) from Reddit and incorporates this data directly into prompts sent to the Gemini API in Steps 4 and 5. A maliciously crafted Reddit post could attempt to override the scoring logic, bypass the anti-spam reply rules, or potentially exfiltrate the GEMINI_API_KEY included in the request context.
  • Ingestion points: Reddit search results (title, body snippet) fetched via curl in Step 3.
  • Boundary markers: Absent. The untrusted content from Reddit is placed directly into JSON templates and text blocks used for API requests.
  • Capability inventory: The skill can execute shell commands (curl, python3), access the file system (reading and writing to docs/), and communicate over the network with Reddit and Google APIs.
  • Sanitization: There is no evidence of sanitization or escaping of the Reddit content before it is interpolated into the prompts for the LLM.
  • [EXTERNAL_DOWNLOADS]: The skill fetches data and authentication tokens from Reddit's public and OAuth APIs. It also makes POST requests to the Google Generative Language API for content scoring and drafting. These interactions target well-known and expected services given the skill's purpose.
  • [DATA_EXFILTRATION]: The skill manages sensitive credentials, including the GEMINI_API_KEY and Reddit OAuth details (Client ID, Secret, Username, Password). The Gemini API key is transmitted as a query parameter in the API URL, and Reddit credentials are sent in a POST request body to Reddit's authentication endpoint. While these are common patterns for these services, they involve transmitting secrets over the network and potentially exposing them in local environment logs.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 15, 2026, 05:54 PM
Security Audit — agent-trust-hub — reddit-icp-monitor