last30days-free
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by aggregating untrusted content from Reddit and X.
  - Ingestion points: Social media data is fetched via scripts/reddit.mjs and an external script called by scripts/last30days-free.sh.
  - Boundary markers: The research results are formatted into Markdown headers but lack security-specific delimiters to isolate untrusted content from agent instructions.
  - Capability inventory: The skill can execute shell commands (node, jq, check_twitter.sh), write research reports to the filesystem, and potentially perform write actions on Reddit (post/reply/mod) if OAuth credentials are provided.
  - Sanitization: Only basic HTML entity escaping is performed; no filtering for malicious instructions in the retrieved text is implemented.
- [COMMAND_EXECUTION]: The main shell script executes several subprocesses to perform its tasks.
  - Evidence: scripts/last30days-free.sh executes node scripts/reddit.mjs and an external bash script at ${HOME}/clawd/skills/twitter/scripts/check_twitter.sh.
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to external social media platforms.
  - Evidence: Connects to www.reddit.com and oauth.reddit.com to retrieve search results and comments.
- [CREDENTIALS_UNSAFE]: The skill stores sensitive authentication data in a local file.
  - Evidence: scripts/reddit.mjs saves Reddit OAuth tokens to ~/.reddit-token.json and relies on REDDIT_CLIENT_ID and REDDIT_CLIENT_SECRET being set in the environment.
Audit Metadata