reddit-fetch
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill requires the agent to run tmux commands to interact with a sub-shell. Using
tmux send-keysto transmit unsanitized agent or user-controlled strings can lead to command injection on the host system. - PROMPT_INJECTION (HIGH): This skill is highly vulnerable to Indirect Prompt Injection. 1. Ingestion points: The skill captures output from Reddit via
tmux capture-pane(SKILL.md). 2. Boundary markers: None. Untrusted content is presented to the agent as raw text without delimiters. 3. Capability inventory: The agent has shell access viatmux. 4. Sanitization: None. Malicious instructions inside Reddit posts could be processed and potentially executed by the agent due to its command execution capabilities. - EXTERNAL_DOWNLOADS (LOW): The skill relies on the
geminiCLI to access the internet. While the tool itself is expected to be from a trusted source, it is used here to fetch untrusted third-party data.
Recommendations
- AI detected serious security threats
Audit Metadata