devvit-logs
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill executes a local Node.js script, `./scripts/devvit-logs.cjs`, which acts as a wrapper for the Devvit CLI tool. It accepts user-provided input for the subreddit and app name as command-line arguments.
- PROMPT_INJECTION (LOW): Indirect Prompt Injection surface detected. The skill ingests untrusted data from external application logs which could contain malicious instructions.
  (1) Ingestion points: Captured stdout from the `devvit logs` command in SKILL.md.
  (2) Boundary markers: None defined in the prompt instructions or presentation logic.
  (3) Capability inventory: Shell command execution via the provided script.
  (4) Sanitization: No sanitization or validation of the log content is performed before presenting it to the agent.
Audit Metadata