brand-monitor

Warn

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs shell commands (curl) using parameters like {subreddit} and {keywords_OR_joined}. These parameters are stored in a configuration file generated by the AI based on untrusted external content from brand websites. If these values contain shell metacharacters, it could result in arbitrary command execution on the host environment.
  • [EXTERNAL_DOWNLOADS]: The skill fetches data from Reddit's JSON API and visits external brand websites via web_fetch. While Reddit is a well-known service, the interaction with arbitrary third-party URLs introduces untrusted data into the skill's context.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the data it ingests and analyzes.
    • Ingestion points: External content retrieved from brand websites (web_fetch) and Reddit search results (curl).
    • Boundary markers: The instructions do not define any delimiters or instructions to ignore commands embedded within the retrieved external text.
    • Capability inventory: The skill has capabilities to execute shell commands (curl), write to the local file system (memory/ directory), and use web browsing tools.
    • Sanitization: No sanitization, escaping, or validation logic is specified for the data gathered from external sources before it is processed by the AI or used to construct commands.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 4, 2026, 07:21 PM