Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill implements a read-only client for Reddit's public API and does not contain any malicious logic.
- [PROMPT_INJECTION]: The skill ingests untrusted data from Reddit, creating a surface for indirect prompt injection. However, the risk is minimal due to the absence of dangerous capabilities.
  - Ingestion points: Data is fetched from Reddit via scripts/reddit_api.py using urllib.
  - Boundary markers: None present in the code.
  - Capability inventory: The skill is limited to performing network GET requests to reddit.com and printing output to the console. It lacks file-system write access, subprocess execution, or dynamic code evaluation capabilities.
  - Sanitization: The skill extracts specific fields from the JSON responses and truncates long text fields (e.g., post content to 500 characters, comments to 300) before presenting them to the agent.
- [DATA_EXFILTRATION]: Network activity is restricted to Reddit's official domain for fetching public content. No sensitive local data is accessed or transmitted to external servers.
Audit Metadata