reddit-commenter
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is highly vulnerable to indirect prompt injection because it processes untrusted data from Reddit posts and external websites without sanitization.
  - Ingestion points: `browser_snapshot()` is used to read content from Reddit posts and external URLs provided by users (SKILL.md, Step 3).
  - Boundary markers: Absent. The instructions do not provide delimiters or warnings to ignore instructions found within the analyzed content.
  - Capability inventory: The agent has access to `browser_navigate`, `browser_type`, and `browser_click`, allowing it to perform actions in a browser session that may be authenticated.
  - Sanitization: Absent. The agent directly interprets the content to provide feedback.
- [Dynamic Execution] (MEDIUM): The skill implements dynamic navigation to untrusted paths. In Step 3 of SKILL.md, the agent is instructed to use `browser_navigate(provided link)` where the link is extracted from a Reddit post. This 'dynamic loading from a computed path' can be exploited to force the agent to visit malicious sites or internal network resources.
- [Command Execution] (LOW): The skill relies on Playwright MCP to automate browser interactions. While this is the intended functionality, it serves as the primary vector for any instructions injected via external content.
Audit Metadata