Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOWDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- Data Exposure & Exfiltration (LOW): The skill performs network requests to reddit.com, which is not on the trusted domain whitelist. These operations are limited to read-only GET requests for public data and do not involve sensitive local files or hardcoded credentials.\n- Indirect Prompt Injection (LOW): The skill ingests untrusted text from Reddit posts and comments, creating a potential surface for indirect prompt injection.\n
- Ingestion points: Data enters through the
api_getfunction inscripts/reddit_api.pyand is processed by various retrieval scripts (e.g.,get_post.py,search_posts.py).\n - Boundary markers: No boundary markers or special delimiters are used when passing content to the agent; data is printed with simple textual labels like 'text:' or 'body:'.\n
- Capability inventory: The skill's capabilities are restricted to displaying information to standard output. It contains no file system write operations, subprocess executions, or dynamic code evaluation.\n
- Sanitization: The skill applies basic length truncation (300-500 characters) to incoming Reddit content.
Audit Metadata