jina-reader
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
nodestool to executecurlcommands. These commands are used to interact with the Jina Reader and Search APIs to fetch content. - [EXTERNAL_DOWNLOADS]: The skill performs network requests to
r.jina.aiands.jina.ai. Jina AI is a well-known technology provider in the AI ecosystem, and these requests are used for its intended content-reading functionality. - [PROMPT_INJECTION]: The skill includes strong directives that attempt to override the agent's default tool selection by explicitly forbidding the use of
api_calling, web browsers, or Python in favor of thenodestool. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it retrieves and processes content from arbitrary URLs without sanitization.
- Ingestion points: Content retrieved from the
r.jina.ai(Reader) ands.jina.ai(Search) endpoints (file:SKILL.md). - Boundary markers: None; the prompt does not provide delimiters or instructions to the agent to disregard commands embedded within the retrieved web content.
- Capability inventory: The skill can execute
curlcommands via thenodestool to fetch external data (file:SKILL.md). - Sanitization: None; the skill fetches content in raw markdown or JSON formats and passes it to the agent for processing.
Audit Metadata