reddit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill references a local credentials file and automates login via form_input/browser actions, which implies the agent will need to read and insert secret values verbatim into actions/requests (high exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly navigates and reads Reddit pages (see references/research.md Step 3 "Navigate Reddit via Browser MCP" and Step 4 "Extract Thread Data") and references engaging with thread URLs (references/engage.md Step 1.4) — both involve ingesting untrusted, user-generated content from public Reddit threads.