ljg-read
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from external URLs and files without explicit boundary markers. This creates an attack surface for indirect prompt injection, where malicious instructions hidden in the text could attempt to override the agent's behavior.
- Ingestion points: URL fetching via WebFetch and markdown-proxy, PDF reading, and local file access.
- Boundary markers: Absent. The skill does not provide clear delimiters or instructions to ignore commands within the source text.
- Capability inventory: Shell command execution (date) and file system writes to ~/Documents/notes/.
- Sanitization: Absent. There is no evidence of filtering or validating the content retrieved from external sources.
- [COMMAND_EXECUTION]: The skill uses shell commands (date) to generate unique identifiers and timestamps for its note-taking functionality. It also performs local file system writes to save study notes in the ~/Documents/notes/ directory.
- [EXTERNAL_DOWNLOADS]: The skill retrieves content from user-specified web addresses using external tools like WebFetch or markdown-proxy.
Audit Metadata