jerlin-weread-skill
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill uses a local shell script (
scripts/weread.sh) to communicate with the official WeChat Reading API gateway ati.weread.qq.comusing standard Bearer token authentication via environment variables. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing external data such as book reviews, notes, and titles from the WeRead API.
- Ingestion points: Data flows into the agent context through the execution of
scripts/weread.shwhich fetches content from WeRead. - Boundary markers: No specific delimiters or boundary instructions are used to isolate API-provided data from agent instructions.
- Capability inventory: The skill's capabilities are restricted to information retrieval and display; it lacks dangerous actions like arbitrary code execution or filesystem modifications.
- Sanitization: Content retrieved from the WeRead service is displayed without specialized sanitization or filtering.
Audit Metadata