reddit-insights

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires an API key obtained from the vendor's service (reddit-insights.com) and fetches its MCP server component from the npm registry.
  • [REMOTE_CODE_EXECUTION]: Configuration instructions utilize 'npx -y reddit-insights-mcp', which performs a runtime download and execution of the server code from the npm registry.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it retrieves and processes untrusted user-generated content from Reddit, which could contain instructions meant to manipulate the agent's behavior.
      • Ingestion points: Results from 'reddit_search', 'reddit_get_subreddit', and 'reddit_get_trends' (SKILL.md).
      • Boundary markers: Absent; there are no instructions to wrap external content in delimiters or ignore embedded commands.
      • Capability inventory: Tools to search, list, and retrieve post data for analysis (SKILL.md).
      • Sanitization: No explicit logic is provided to sanitize or filter potential injection strings from retrieved Reddit data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 01:56 AM