reddit-automation
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) as it ingests untrusted data from Reddit and possesses write capabilities.
- Ingestion points: Untrusted data enters the agent context through tools like
REDDIT_SEARCH_ACROSS_SUBREDDITS,REDDIT_RETRIEVE_POST_COMMENTS,REDDIT_GET_R_TOP, andREDDIT_RETRIEVE_REDDIT_POSTas described inSKILL.md. - Boundary markers: Absent. The instructions do not provide delimiters (e.g., XML tags) or explicit warnings to the agent to ignore instructions embedded within the fetched Reddit content.
- Capability inventory: The skill has significant write capabilities including
REDDIT_CREATE_REDDIT_POST,REDDIT_POST_REDDIT_COMMENT,REDDIT_EDIT_REDDIT_COMMENT_OR_POST, andREDDIT_DELETE_REDDIT_POSTas listed inSKILL.md. - Sanitization: Absent. There are no instructions for the agent to sanitize, validate, or escape content retrieved from Reddit before using it in subsequent prompts or actions.
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to configure an external MCP server endpoint (
https://rube.app/mcp) which is hosted on a non-standard domain.
Audit Metadata