reddit-thread-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Potential for Indirect Prompt Injection.
- Ingestion points: The skill uses 'WebFetch' in SKILL.md to retrieve Reddit post titles, bodies, and comments, which are entirely user-controlled external data.
- Boundary markers: Absent. The instructions do not direct the agent to use delimiters (like XML tags or triple quotes) or to ignore instructions embedded within the fetched Reddit content.
- Capability inventory: The skill uses 'WebFetch' for network read operations and generates structured markdown output. While it doesn't execute code, an injection could manipulate the 'Executive Summary' or 'Key Quotes' to mislead users or the agent's next steps.
- Sanitization: Absent. There are no instructions to escape, filter, or validate the content retrieved from Reddit before processing it.
Audit Metadata