reply-writer
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
NO_CODE
Full Analysis
- [NO_CODE]: The skill consists entirely of natural language instructions and templates within a markdown file. It does not contain any Python, JavaScript, or shell scripts, nor does it define any external software dependencies.
- [PROMPT_INJECTION]: The skill processes untrusted external content from Reddit threads, which creates a surface for indirect prompt injection.
  - Ingestion points: The 'Gather Inputs' phase requires users to provide text from 'Original post' and 'Top existing replies' sourced from Reddit.
  - Boundary markers: The prompt instructions do not specify any delimiters (such as XML tags or unique markers) to separate the ingested untrusted text from the agent's primary instructions.
  - Capability inventory: The skill has no access to external tools, network requests, file system operations, or command execution. The potential impact of an injection is limited to affecting the content of the generated reply.
  - Sanitization: No input validation or filtering of the Reddit content is performed by the skill's instructions.