reddit-cultivate
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): Uses osascript and System Events for arbitrary browser control and UI automation, bypassing security sandboxes.
- [DATA_EXFILTRATION] (HIGH): Steals browser session data such as Reddit modhashes and account details from the secure browser context.
- [INDIRECT_PROMPT_INJECTION] (HIGH): Scrapes untrusted Reddit content without sanitization or boundary markers, creating a surface for malicious posts to control agent behavior. Ingestion points: Post titles and metadata via AppleScript. Boundary markers: Absent. Capability inventory: Browser JS execution and automated posting. Sanitization: Absent.
- [PRIVILEGE_ESCALATION] (HIGH): Requires disabling the 'Allow JavaScript from Apple Events' security feature in Chrome, exposing the browser to all local processes.
Recommendations
- AI detected serious security threats