last30days
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect prompt injection surface exists as the skill ingests raw content from Reddit and X. 1. Ingestion points: Social media content via OpenAI and xAI APIs. 2. Boundary markers: Absent in reports and context snippets. 3. Capability inventory: Script execution, network access, and local file writing. 4. Sanitization: No sanitization of ingested content is documented.
- DATA_EXFILTRATION (LOW): The skill performs network requests to OpenAI and xAI domains. These are not on the provided exfiltration whitelist, although they are necessary for the skill's function.
- SAFE (SAFE): The implementation uses Python standard libraries and local configuration storage (~/.config/last30days/) for API keys, which follows security best practices for agent skills.
Audit Metadata