reddit-sentiment-analysis
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest large amounts of untrusted external content from Reddit, which is a primary vector for indirect prompt injection attacks.
  - Ingestion points: The skill uses `mcp-server-reddit` to call `get_post_content` and fetch comments, as documented in `DEMO-RESULTS.md`.
  - Boundary markers: There are no documented boundary markers or instructions to the agent to disregard instructions found within the fetched Reddit text.
  - Capability inventory: The skill has the capability to write files to the local filesystem (saving reports to the `/docs/` directory) and processes data for high-level summaries.
  - Sanitization: There is no evidence of sanitization or filtering of the fetched content before it is processed by the LLM.
- [External Downloads] (MEDIUM): The skill's setup requires running `uvx mcp-server-reddit`. This involves downloading and executing a package from a public registry (PyPI) at runtime. While this is a common pattern for MCP servers, the package source is not within the defined list of pre-trusted organizations, presenting a dependency risk.
Recommendations
- AI detected serious security threats
Audit Metadata