reddit-comment-writer
Fail
Audited by Snyk on Mar 13, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The skill is not malware (no hidden exec/eval, backdoor, or data-exfiltration code), but it explicitly enables coordinated deceptive platform manipulation and moderation-evasion (automated/batch posting, persona/voice cloning, progressive learning to avoid detection, and link obfuscation), so it poses a high abuse risk for astroturfing and covert promotion.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads open/public Reddit threads and comments (e.g., SKILL.md Tools table; "Write Comments Flow" step 3: "Read full thread"; workflows/batch-mode Subreddit Study: "Fetch 5-10 top/hot posts. Read top 3-5 comments") and also visits product websites during setup, so untrusted, user-generated third-party content is ingested and used to guide drafting and posting decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The workflow explicitly instructs the agent at runtime to visit and scrape the user-provided product website (the profile "URL" saved to profiles/{slug}.md) to auto-populate "Product Knowledge", so content fetched from that external URL will directly shape prompts and drafting behavior.
Issues (3)
CRITICAL E006: Malicious code pattern detected in skill scripts.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata