reddit-scraper
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes the 'requests' Python library to fetch data from the Apify platform, which is an established web scraping service.
- [SAFE]: Authentication tokens are handled through environment variables or CLI flags, ensuring no sensitive secrets are hardcoded in the source code or documentation.
- [PROMPT_INJECTION]: The skill processes untrusted data from Reddit, creating an indirect prompt injection surface. Ingestion occurs in 'scripts/search_reddit.py' when fetching results from the Apify API. Boundary markers are present as the data is returned in a structured JSON format or a formatted summary table. A capability inventory shows the script is limited to network requests to Apify and printing to stdout, with no access to file writing, system commands, or dynamic code execution. No sanitization is performed on the scraped content, but the lack of dangerous capabilities mitigates the risk.
- [SAFE]: No signs of obfuscation, persistence mechanisms, or unauthorized privilege escalation were found.
Audit Metadata