ljg-read
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
datecommand to create unique timestamps for file naming purposes. This is a common administrative task for organizing notes and does not pose a security risk. - [EXTERNAL_DOWNLOADS]: The skill retrieves text from user-specified URLs and local PDF files to provide reading assistance. These operations are core to the skill's functionality and are performed using standard, restricted tools.
- [DATA_EXFILTRATION]: The skill saves interaction logs and summaries to the local directory
~/Documents/notes/. This behavior is transparently documented and serves the legitimate purpose of allowing the user to keep a record of their reading sessions. - [PROMPT_INJECTION]: By processing content from external URLs and files, the skill presents an indirect prompt injection surface. However, the instructions do not include any patterns designed to bypass safety filters, and the tool's capabilities are appropriately limited to the reading companion use case.
Audit Metadata