reedle
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install the
reedle-clipackage via NPM. This is a standard installation for the vendor's provided tool. - [COMMAND_EXECUTION]: The skill relies on the
reedleCLI tool viaBashfor library management and content extraction. These commands are scoped to the tool's intended functionality. - [CREDENTIALS_UNSAFE]: The skill manages service-specific authentication tokens (Reedle CLI tokens). It describes standard practices for setting, verifying, and storing these tokens in
~/.config/reedle/credentials.jsonor environment variables. - [PROMPT_INJECTION]: Indirect Prompt Injection Surface: The skill extracts content from untrusted external sources (web pages, YouTube transcripts, Bilibili transcripts) which is then processed by the agent. This presents a surface for indirect prompt injection attacks.
- Ingestion points: Untrusted data enters the agent context through the
reedle readCLI command andmcp__reedle__reedle_readMCP tools (found in SKILL.md). - Boundary markers: The instructions lack specific guidance on using delimiters or boundary markers to isolate external content from the agent's instructions.
- Capability inventory: The agent has the capability to execute shell commands (
Bash) and perform state-changing operations on the user's reading library (e.g.,reedle_save,reedle_delete_article). - Sanitization: There are no mentioned mechanisms for sanitizing or validating the content extracted from external URLs before the agent processes it.
Audit Metadata