link-reader
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill handles sensitive API keys by checking environment variables and providing instructions for the agent to store them in a workspace file. This is part of the vendor's documented integration flow.\n- [PROMPT_INJECTION]: The skill processes data from external URLs, which represents a surface for indirect prompt injection.\n
- Ingestion points: External content enters the system through scripts/link_reader.py from user-provided URLs.\n
- Boundary markers: There are no specific delimiters or instructions to the LLM to ignore commands within the fetched content.\n
- Capability inventory: The skill uses the volcenginesdkarkruntime library to make network calls to the vendor's tool execution API.\n
- Sanitization: The raw text and titles from the URLs are returned to the agent without any sanitization of the content for malicious instructions.
Audit Metadata