reddit-automation
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted data from an external source (Reddit) and has high-privilege write capabilities.
  - Ingestion points: REDDIT_SEARCH_ACROSS_SUBREDDITS, REDDIT_RETRIEVE_POST_COMMENTS, and REDDIT_GET_R_TOP in SKILL.md.
  - Boundary markers: Absent. There are no instructions to the agent to treat the retrieved data as untrusted or to ignore embedded instructions.
  - Capability inventory: REDDIT_CREATE_REDDIT_POST, REDDIT_POST_REDDIT_COMMENT, REDDIT_EDIT_REDDIT_COMMENT_OR_POST, REDDIT_DELETE_REDDIT_COMMENT, and REDDIT_DELETE_REDDIT_POST.
  - Sanitization: Absent. No filtering or escaping is applied to the content retrieved from Reddit before it enters the agent's context.
- EXTERNAL_DOWNLOADS (HIGH): The skill directs users to connect to an untrusted external MCP server at https://rube.app/mcp. This server is not among the trusted sources and provides the tool definitions and logic for the agent, creating a risk of unauthorized command execution or data exfiltration if the endpoint is malicious or compromised.
Recommendations
- AI detected serious security threats