jina-reader
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits search queries and URLs provided by the user to Jina AI's infrastructure (r.jina.ai and s.jina.ai). This is the intended primary purpose of the skill. Jina AI is recognized as a well-known service.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it retrieves untrusted content from the web and provides it to the agent. Ingestion points: scripts/reader.ts (fetches data from Jina Reader and Search APIs). Boundary markers: None; retrieved content is not delimited or wrapped in instructions to ignore embedded commands. Capability inventory: Network access via the fetch API in scripts/reader.ts. Sanitization: None; external content is returned as raw text or JSON data directly to the agent context.
Audit Metadata