reading-companion
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious behavioral patterns, obfuscation, or persistence mechanisms were detected. The skill operates within the scope of its stated purpose.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it reads and processes data from user-managed markdown files. 1. Ingestion points: Files within '~/Documents/xiaodazi_reading/'. 2. Boundary markers: None defined. 3. Capability inventory: Local file system read and write operations. 4. Sanitization: None mentioned. The risk remains negligible as the skill lacks high-privilege capabilities such as shell execution or external network access.
Audit Metadata