Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill accesses a sensitive local file at community-pulse/skills/reddit/.env.profiles.local to retrieve Reddit authentication credentials. Accessing sensitive configuration files is a high-risk activity that could lead to credential exposure.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). Ingestion points: Untrusted data is read from external Reddit threads via read_page and get_page_text in references/research.md and references/engage.md. Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands within the ingested content. Capability inventory: The skill possesses write capabilities on a public platform using Browser MCP tools (form_input, computer) to post comments and create new threads. Sanitization: Absent; the skill performs no validation or filtering of external content before processing it.
- [COMMAND_EXECUTION] (MEDIUM): The skill utilizes Browser MCP for automated web interactions such as navigation, form input, and clicking. These capabilities represent a significant risk if the agent's logic is influenced by malicious instructions embedded in the external threads it processes.
Recommendations
- AI detected serious security threats
Audit Metadata