readx
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is instructed to access and write to sensitive local file paths (e.g., `~/.config/readx/credentials.json` or `%APPDATA%\readx\credentials.json`) to store and retrieve the `READX_API_KEY`.
- [COMMAND_EXECUTION]: The toolkit utilizes Bash and `curl` to interact with the ReadX API when MCP tools are unavailable, which requires the agent to execute shell commands directly.
- [EXTERNAL_DOWNLOADS]: The skill dynamically fetches documentation from a remote source (`https://readx.cc/api-docs.txt`) and uses the content to guide its API interactions, introducing a dependency on remote instruction integrity.
- [PROMPT_INJECTION]: The skill's primary function involves analyzing untrusted external data from Twitter/X, creating a surface for indirect prompt injection attacks.
  - Ingestion points: Tweet content, user profiles, community metadata, and search results retrieved from the Twitter/X API.
  - Boundary markers: The instructions do not specify the use of delimiters or clear directives for the agent to ignore instructions embedded within the social media data.
  - Capability inventory: The agent has the ability to read/write local configuration files and execute shell commands (`curl`).
  - Sanitization: There are no explicit steps provided to sanitize or filter retrieved content before it is processed by the agent's logic.
Audit Metadata