Skills
NYC
skills/lignertys/reddit-research-skill/reddit-search-api/Gen Agent Trust Hub

reddit-search-api

Warn

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (MEDIUM): Potential for Indirect Prompt Injection (Category 8). The skill processes untrusted Reddit posts and comments which could contain malicious instructions designed to influence the agent's downstream reasoning or actions.
  • Ingestion points: API responses from reddapi.dev/api/v1/search/semantic containing user-generated content from Reddit.
  • Boundary markers: None. The instructions do not define delimiters to separate untrusted data from the agent's instructions.
  • Capability inventory: Use of curl for further network requests and python3 for data processing.
  • Sanitization: No evidence of sanitization or filtering of the external Reddit content.
  • [COMMAND_EXECUTION] (MEDIUM): The skill utilizes inline script execution (python3 -c "...") to process API results. While the current snippet is functional for JSON parsing, dynamic execution of script strings is a risk factor.
  • [DATA_EXFILTRATION] (LOW): The skill performs network operations using curl to reddapi.dev. This domain is not on the trusted whitelist. While required for the skill's purpose, it represents a data transmission point to an unverified third-party service.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 15, 2026, 03:09 PM