Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using
curlandjqto interact with the Reddit API. This behavior is necessary for the skill's stated purpose of retrieving and searching Reddit content.\n- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by fetching and processing data from external, user-controlled Reddit discussions.\n - Ingestion points: Data is ingested from Reddit API responses throughout the examples in
SKILL.md.\n - Boundary markers: There are no boundary markers or explicit instructions to the agent to treat the retrieved content as untrusted or to ignore any commands contained within it.\n
- Capability inventory: The skill has network access through
curlto fetch external content.\n - Sanitization: No sanitization or content filtering is implemented for the data retrieved from the API.
Audit Metadata