readwise-reader
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface, as it is designed to fetch and process arbitrary content from external URLs (articles, RSS feeds, and transcripts).
  - Ingestion points: External content enters the agent's context through `reader_client.py` when using the `docs list --with-content` command, which retrieves `html_content` from the Readwise API.
  - Boundary markers: The skill does not implement delimiters or specific instructions to the agent to disregard instructions found within the fetched document content.
  - Capability inventory: The skill has the capability to perform network requests and execute local scripts via `uv run`, as defined in `SKILL.md`.
  - Sanitization: No evidence of content sanitization or instruction filtering is present in the provided scripts.
- [COMMAND_EXECUTION]: The skill relies on `uv run` for executing its Python-based CLI tool, which involves local command execution within the agent's environment.
- [EXTERNAL_DOWNLOADS]: The `reader_client.py` script makes network calls to the official Readwise API domain (readwise.io) to interact with the Reader service and retrieve document data.
Audit Metadata