first-1000-users
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from Reddit threads which presents a risk of indirect prompt injection. * Ingestion points: Thread discovery in Phase 2 and drafting in Phase 3 read original posts and replies from Reddit via PRAW and Playwright. * Boundary markers: The prompt instructions do not specify clear delimiters or safety warnings to help the model distinguish between instructions and untrusted thread content. * Capability inventory: The skill is capable of posting comments and sending direct messages via the Reddit API. * Sanitization: The mandatory human-in-the-loop approval gate in Phase 4 serves as the primary defense against executing malicious instructions.
- [COMMAND_EXECUTION]: The skill executes system commands using python3 and playwright-cli to run its operational scripts for searching and posting.
- [EXTERNAL_DOWNLOADS]: The skill installs the @playwright/mcp package from the NPM registry to provide Model Context Protocol support for browser automation.
Audit Metadata