agent-reach
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various system commands and CLI tools, including
xreach,yt-dlp,gh,mcporter,curl, andpython3to perform platform-specific operations. - [EXTERNAL_DOWNLOADS]: The skill fetches content from external sources, including reading web pages via
r.jina.aiand retrieving documentation fromraw.githubusercontent.com. - [DATA_EXFILTRATION]: User-provided URLs are transmitted to the
r.jina.aiservice for content extraction and markdown conversion. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of ingesting and processing untrusted data from multiple social media platforms and the general web.
- Ingestion points: Reads content from Twitter, Reddit, YouTube, GitHub, WeChat, XiaoHongShu, and general URLs (SKILL.md).
- Boundary markers: No explicit markers or instructions are provided to the agent to ignore embedded instructions in the retrieved content.
- Capability inventory: The skill can execute multiple shell commands and Python scripts, which could be exploited if an injection occurs (SKILL.md).
- Sanitization: No input sanitization or output filtering is performed on the data retrieved from external platforms.
Audit Metadata