readwise-api
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Potential for indirect prompt injection via user-saved highlights or article summaries. If user-controlled content contains malicious instructions, an agent reading the skill's output might be manipulated.
- Ingestion points:
scripts/readwise-client.tsfetches data from the Readwise v2 and v3 APIs. - Boundary markers: Absent. The output sections (Learnings, Timeline, etc.) described in
SKILL.mddo not use delimiters to isolate fetched content. - Capability inventory: The skill uses the
Bashtool to execute scripts and potentially other commands. - Sanitization: No sanitization or escaping of the highlight
textor documentsummaryis performed before displaying it to the agent. - [EXTERNAL_DOWNLOADS] (SAFE): Uses standard, well-known Node.js packages (chalk, ora) from the npm registry.
- [CREDENTIALS_UNSAFE] (SAFE): Properly handles the Readwise API token via an environment variable (
READWISE_API_TOKEN) as documented inSKILL.mdandreadwise-client.ts. - [DATA_EXFILTRATION] (SAFE): Network activity is restricted to the official
readwise.iodomain for its intended purpose.
Audit Metadata