Oathe Security Badge

Is ashemag/reddit-crosspost safe?

https://github.com/ashemag/reddit-crosspost

92
SAFE

This Reddit crossposting skill is functionally legitimate but contains concerning automation techniques designed to mimic human behavior and avoid platform detection. While no malicious code or data exfiltration was detected, the extensive instructions for human impersonation raise platform integrity concerns.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 60/100 · 5%

Findings (2)

MEDIUM Social Media Automation with Detection Avoidance -40

The skill contains extensive instructions for mimicking human posting patterns on Reddit, including specific timing delays, casual writing styles, and engagement techniques designed to avoid automated detection. While stated for legitimate crossposting, these techniques could violate platform terms of service and enable social media manipulation.

LOW Extensive Browser Automation Requirements -15

The skill requires significant browser automation capabilities and instructs the agent to perform complex sequences of actions designed to appear human-like. While not a direct prompt injection, this level of automation instruction could potentially be misused beyond the stated scope.