reddit-researcher
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by ingesting untrusted data from external Reddit posts and comments.
  - Ingestion points: Reddit API endpoints are accessed via `scripts/main.cjs` to fetch user-generated content.
  - Boundary markers: Not implemented. Data is returned to the agent without explicit delimiters or warnings to ignore embedded instructions.
  - Capability inventory: The skill utilizes `WebFetch` and `WebSearch` tools.
  - Sanitization: Content in `scripts/main.cjs` is truncated to 500 characters, but no escaping or validation for malicious prompts is performed.
- [SAFE]: The skill implements strong security controls to prevent unauthorized network access. It uses a strict hostname allowlist (reddit.com, www.reddit.com, old.reddit.com) and proper URL parsing to mitigate SSRF risks in both `scripts/main.cjs` and the `hooks/pre-execute.cjs` hook. Additionally, a fail-closed pre-execution hook ensures all inputs meet safety schemas and constraints before processing begins.
Audit Metadata