reddit-researcher

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.80). The prompt explicitly mandates pre/post memory file reads/writes and an "ASSUME INTERRUPTION" rule that change persistent agent behavior (reading local .claude context and storing decisions), which is outside the stated read-only Reddit-fetching purpose and thus constitutes hidden/deceptive operational instructions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and parses public, user-generated Reddit content via the unauthenticated JSON API (see SKILL.md "Search and read public Reddit posts" and scripts/main.cjs fetchRedditJson and comment/post endpoints like /r/{sub}/comments/{id}.json), so the agent will read and act on untrusted third-party content that could contain instructions enabling indirect prompt injection.