readwise-research

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly tells the agent to ask the user for a Readwise access token and embed it into a CLI command (readwise login-with-token ), which requires handling and outputting the secret verbatim and is therefore an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required retrieval workflow and CLI examples (e.g., readwise reader-search-documents, readwise-search-highlights, reader-get-document-details) explicitly fetch and ingest the user's Readwise/Reader documents and highlights (which can include user-imported or public web content) and then uses that content to synthesize memos and drive proposed tagging/move actions, so arbitrary third-party/user-generated text could materially influence the agent's decisions.