reedle
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a local CLI tool named
reedlevia Bash for managing the user's library, performing searches, and extracting content. Permissions are granted for anyreedlesubcommand.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of fetching and processing untrusted data from external URLs.\n - Ingestion points: Tools such as
reedle read,mcp__reedle__reedle_read_youtube, andmcp__reedle__reedle_read_bilibilifetch and display content from potentially attacker-controlled web pages and video transcripts.\n - Boundary markers: The instructions do not define clear boundaries or provide guidance to the agent to distinguish between its own instructions and the extracted external content.\n
- Capability inventory: The agent possesses the capability to execute shell commands, manage library data (including saving and deleting content), and interact with external APIs.\n
- Sanitization: There is no indication of content sanitization or instruction filtering applied to the data retrieved from external sources before it enters the agent's context.
Audit Metadata