Skills
skills/lignertys/reddit-research-skills/reddit-search-api/Gen Agent Trust Hub

reddit-search-api

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill acts as an ingestion point for untrusted data from Reddit, creating a surface for indirect prompt injection.
  • Ingestion points: Retrieves Reddit posts and comments via the semantic search endpoint at https://reddapi.dev/api/v1/search/semantic (referenced in SKILL.md).
  • Boundary markers: None identified; the skill does not specify markers or instructions to isolate the retrieved content from the agent's instructions.
  • Capability inventory: The skill uses curl for API communication and python3 -c for parsing results, providing capabilities that could be targeted by malicious content.
  • Sanitization: No validation or sanitization of the retrieved Reddit content is described or implemented.
  • [COMMAND_EXECUTION]: The skill executes shell commands using curl to interact with the reddapi.dev API and utilizes a Python one-liner (python3 -c) to parse JSON output. The Python script is statically defined in the skill and processes data from standard input safely.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 12:54 AM