triage
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the user's Readwise inbox to generate summaries and 'pitches'.
- Ingestion points: Document content and summaries are fetched via
mcp__readwise__reader_list_documentsandmcp__readwise__reader_get_document_detailsinSKILL.md. - Boundary markers: The instructions lack explicit boundary markers or warnings to the agent to ignore instructions embedded within the fetched document text.
- Capability inventory: The agent can perform state-changing actions such as moving or archiving documents using
mcp__readwise__reader_move_documentor CLI equivalents. - Sanitization: There is no evidence of sanitization or filtering applied to the external document data before it is processed by the LLM.
Audit Metadata