ljg-read
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process text from untrusted external sources like URLs and local PDFs.
- Ingestion points: Content is retrieved via 'WebFetch', 'markdown-proxy', and the 'Read' tool for PDFs and files (SKILL.md).
- Boundary markers: No explicit delimiters or boundary markers are defined to isolate untrusted external content from the agent's instructions.
- Capability inventory: The agent has capabilities to write files to the local directory '~/Documents/notes/' and execute system commands (SKILL.md).
- Sanitization: The instructions do not specify any sanitization or validation of the fetched text before analysis and translation.
- [COMMAND_EXECUTION]: The skill utilizes shell commands ('date') to generate formatted timestamps for file naming and document metadata (SKILL.md).
- [DATA_EXFILTRATION]: The skill performs network operations by fetching content from arbitrary URLs and writes reading logs to the local filesystem at '~/Documents/notes/' (SKILL.md).
Audit Metadata