weread-skills
Pass
Audited by Gen Agent Trust Hub on May 27, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates with the official WeRead API gateway at
https://i.weread.qq.com/api/agent/gateway. This is the legitimate service endpoint for the vendor (Tencent) and is used for retrieving book metadata, user stats, and notes. - [CREDENTIALS_UNSAFE]: Authentication is performed using a Bearer token supplied via the
WEREAD_API_KEYenvironment variable. This aligns with secure development practices by avoiding hardcoded secrets and relying on the execution environment's secret management. - [PROMPT_INJECTION]: The skill processes user-generated content, such as book reviews and personal highlights (indirect prompt injection surface). However, the instructions provide strict formatting and transformation rules for this data—such as converting Unix timestamps and calculating reading progress—which guides the agent to process the data as information rather than instructions.
- [DATA_EXFILTRATION]: Network operations are restricted to the primary vendor domain (
qq.com). No evidence of data being sent to unauthorized third-party servers was found.
Audit Metadata