book-review
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is authored by 'readwiseio' and correctly utilizes its own vendor resources, including MCP tools (e.g., mcp__readwise__reader_search_documents) and CLI commands (readwise).
- [SAFE]: Access to the local reader_persona.md file is a standard pattern for personalizing AI behavior and does not pose a security risk in this context, as it is used only for style and framing.
- [SAFE]: No malicious activities such as unauthorized data exfiltration to non-vendor domains, hardcoded credentials, or suspicious remote code execution were identified.
- [PROMPT_INJECTION]: The skill processes external data (user highlights and web research) that could contain indirect prompt injections.
  - Ingestion points: Highlights are fetched via mcp__readwise__reader_get_document_highlights, and supplemental data is gathered via web research in Phase 4.
  - Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded commands within the processed highlights.
  - Capability inventory: The primary capabilities are generating a text draft and publishing it to Readwise via mcp__readwise__reader_create_document.
  - Sanitization: There is no evidence of sanitization or filtering of the ingested content before it is incorporated into the review draft.
Audit Metadata