jina-reader
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: Retrieves content from arbitrary URLs through Jina Reader in
scripts/jina_reader.py. - Boundary markers: Output lacks delimiters to separate external data from instructions.
- Capability inventory: Includes network access and file-writing permissions.
- Sanitization: No sanitization is performed on content from the external service.
- [DATA_EXPOSURE_AND_EXFILTRATION]: Fetches content from the well-known service
r.jina.ai. - [COMMAND_EXECUTION]: Provides an option to write fetched content to a local file path via the
--outputflag.
Audit Metadata