Skills
skills/brianrwagner/ai-marketing-claude-code-skills/reddit-insights/Gen Agent Trust Hub

reddit-insights

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of an MCP server using the command npx -y reddit-insights-mcp. This downloads and executes a package from the public npm registry. This is documented neutrally as it is a standard installation method for MCP servers provided by the vendor.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted user data from Reddit threads.
  • Ingestion points: User-generated content from Reddit is retrieved through the reddit_search and reddit_get_subreddit tools in SKILL.md.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within the fetched data are defined in the skill configuration.
  • Capability inventory: The skill provides tools to search, list subreddits, and track trends, which could be used to fetch malicious instructions that the agent might follow if not properly isolated.
  • Sanitization: There is no evidence of sanitization or filtering of the Reddit content before it is passed to the LLM context.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 8, 2026, 11:29 PM