readwise
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill demonstrates standard and safe behavior for an API-based integration. It requires a user-provided `READWISE_TOKEN` and executes local scripts (`readwise.mjs`, `reader.mjs`) to perform its functions. No evidence of data exfiltration to unauthorized domains, credential harvesting, or suspicious command execution was found.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it retrieves user highlights and articles from external sources (Readwise and Reader APIs).
  - Ingestion points: Highlights and article content are ingested via the `readwise.mjs` and `reader.mjs` scripts.
  - Boundary markers: The skill documentation does not specify any delimiters or safety instructions to prevent the agent from obeying instructions embedded within the retrieved content.
  - Capability inventory: The skill utilizes `node` to run scripts that perform network requests to the official Readwise API and output JSON data.
  - Sanitization: No sanitization or filtering logic is mentioned in the skill documentation to handle potentially malicious text within highlights or articles.
Audit Metadata