social-media-trends-research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- Data Exposure & Exfiltration (LOW): The script makes network requests to 'www.reddit.com' using the 'requests' library. This domain is not on the whitelist for trusted external sources, although the activity is consistent with the skill's stated purpose.
- Indirect Prompt Injection (LOW): The skill ingests untrusted content from Reddit (titles, text, and descriptions) without sanitization or boundary markers. This creates a surface for indirect prompt injection attacks if the agent processes the retrieved content as instructions.
  - Ingestion points: scripts/reddit_scraper.py (via Reddit API requests in search, get_subreddit, and get_trending_subreddits)
  - Boundary markers: Absent; the data is returned as raw strings to the caller.
  - Capability inventory: No dangerous capabilities (e.g., shell execution, filesystem modification) were detected in the provided script.
  - Sanitization: No sanitization or filtering of processed text content is performed beyond truncation.
Audit Metadata