community-skill-radar
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests untrusted text from Reddit posts and incorporates it into the PROPOSALS.md file, which is intended to guide an AI agent in building new skills. This creates a risk where malicious instructions on Reddit could hijack the agent during the skill development process.\n
- Ingestion points: Content is fetched from Reddit subreddits via radar.py using the public JSON API.\n
- Boundary markers: Absent. The generated PROPOSALS.md does not use delimiters or warnings to isolate untrusted community content.\n
- Capability inventory: The skill writes to the filesystem (PROPOSALS.md, state.yaml), and its intended usage involves a downstream agent with skill creation or file-writing capabilities.\n
- Sanitization: Absent. No content filtering or sanitization is performed on the ingested Reddit titles or descriptions beyond basic length limits.\n- [EXTERNAL_DOWNLOADS]: The skill connects to Reddit's public API to fetch community signals. This behavior targets a well-known technology service and is a core part of the skill's documented functionality.\n- [COMMAND_EXECUTION]: The skill executes radar.py to manage its state and generate reports, involving reading and writing to the ~/.openclaw directory.
Audit Metadata