reddit-readonly
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill retrieves untrusted data from Reddit posts and comments, creating a surface for indirect prompt injection attacks where malicious content in a post could attempt to override agent instructions.
- Ingestion points: Data is fetched from Reddit's public API (titles, selftext, and comment bodies) via the 'requests' library in SKILL.md.
- Boundary markers: The skill does not implement boundary markers or instructions to treat the retrieved content as data rather than instructions.
- Capability inventory: The skill is limited to read-only HTTP GET requests; it lacks capabilities for command execution, file system modification, or persistent storage.
- Sanitization: The skill truncates long text strings but does not sanitize content for potential prompt injection patterns.
Audit Metadata