reddit-insights
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill setup instructions use `npx -y reddit-insights-mcp` to download and run code from the npm registry. The author and package are not part of the trusted external sources, posing a risk of unverifiable dependency installation.
- REMOTE_CODE_EXECUTION (MEDIUM): The MCP server execution via `npx` runs third-party code directly in the user's environment with access to the `REDDIT_INSIGHTS_API_KEY` environment variable.
- INDIRECT_PROMPT_INJECTION (LOW): The skill retrieves and processes natural language content from Reddit, which is an untrusted external source.
  - Ingestion points: The `reddit_search`, `reddit_get_subreddit`, and `reddit_get_trends` tools return post titles and content directly from Reddit users.
  - Boundary markers: No boundary markers or specific safety instructions are provided to the agent to treat this data as untrusted.
  - Capability inventory: The skill allows network-based data retrieval; while it does not directly offer write/exec capabilities, the agent's broad toolset could be influenced by injected instructions in the Reddit content.
  - Sanitization: No sanitization or filtering of the retrieved Reddit content is performed.
Audit Metadata