now-reading-page
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to offer the 'open' command to launch the generated HTML file in the user's default browser for viewing.
- [EXTERNAL_DOWNLOADS]: The generated webpage references Google Fonts (Newsreader and DM Sans) via a standard stylesheet link to apply editorial-style typography.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by processing document metadata from the Readwise Reader library without explicit sanitization instructions.
- Ingestion points: Readwise document list fields (titles, authors, and site names) fetched via MCP tools or CLI.
- Boundary markers: Absent in the HTML generation logic.
- Capability inventory: The skill writes to the local file system and opens files in a browser.
- Sanitization: No explicit HTML escaping or data sanitization of the document metadata is provided in the instructions.
Audit Metadata