Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
child_process.execto open the system's default web browser during the OAuth login flow. * Evidence:exec(${cmd} "${authUrl}")inscripts/reddit.mjs. - [DATA_EXFILTRATION]: The skill stores sensitive Reddit OAuth access and refresh tokens in a plaintext JSON file in the user's home directory. * Evidence:
const TOKEN_FILE = join(homedir(), '.reddit-token.json')inscripts/reddit.mjs. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it fetches untrusted content (post titles, bodies, and comments) from the Reddit API and provides it to the agent. * Ingestion points:
scripts/reddit.mjsfetches data from the Reddit API ingetPosts,searchPosts, andgetComments. * Boundary markers: Absent; content is formatted as JSON and printed directly. * Capability inventory:scripts/reddit.mjshas network access (fetch), file system access (fs), and command execution capabilities (exec). * Sanitization: Absent; content from Reddit is not escaped or filtered before output.
Audit Metadata