The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The skill accesses sensitive authentication data and circumvents browser security controls. It reads the file ~/.readwise/env which is stated to contain session cookies. Additionally, the readwise auth session command is documented to extract httpOnly cookies directly from a browser session via Chrome DevTools Protocol (CDP), a technique that bypasses standard web security boundaries intended to prevent script access to session tokens.- [COMMAND_EXECUTION]: The skill relies on the execution of a local CLI tool named readwise. It invokes this tool for multiple sensitive operations including authentication (readwise auth session), data querying (readwise chat), and conversation management (readwise chat-list, readwise chat-delete).- [DATA_EXFILTRATION]: The skill accesses the user's entire library of personal highlights and notes. This data is streamed via WebSockets to an external service for processing and synthesis, which constitutes a significant exposure of private user data.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the data it processes. Ingestion points: The skill performs Retrieval-Augmented Generation (RAG) over the user's full highlight library. Boundary markers: There are no specified delimiters or instructions to treat highlight content as untrusted data. Capability inventory: The skill can execute shell commands via the readwise CLI and manage user account data. Sanitization: No sanitization or validation of the retrieved highlight content is performed before it is synthesized by the model.

readwise-chat