Warn
Audited by Snyk on Feb 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill fetches and displays user-generated Reddit content via the public JSON API (see scripts/reddit_api.py api_get calling https://www.reddit.com/... .json and scripts/get_post.py, get_posts.py, search_posts.py which return post selftext and comment bodies), exposing the agent to arbitrary third-party text that could contain indirect prompt injections.
Audit Metadata