build-persona

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to generate and execute a local Python script via Bash. This is a performance optimization used to parse large JSON outputs from the Readwise API efficiently without exceeding the context window limits.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes external data.
      1. Ingestion points: Document metadata and highlights are fetched from the Readwise API via MCP tools or CLI commands.
      2. Boundary markers: No explicit delimiters or guardrail instructions are provided to distinguish document content from system instructions.
      3. Capability inventory: The skill can execute shell commands (Bash/Python) and write files locally (e.g., reader_persona.md).
      4. Sanitization: No explicit sanitization or filtering of the document content is implemented before summarization.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 7, 2026, 01:16 AM