surprise-me
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it analyzes user-generated highlights and document metadata without specific boundary markers.
  - Ingestion points: Readwise highlights and document records (SKILL.md).
  - Boundary markers: None; the agent is not instructed to ignore commands embedded in user data.
  - Capability inventory: Read-only access via MCP and vendor CLI.
  - Sanitization: No sanitization is performed on highlight text.
- [COMMAND_EXECUTION]: Directs the agent to use the readwise CLI for data retrieval. This is a trusted vendor resource from the author readwiseio used for its intended purpose.
Audit Metadata