jina-reader
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a Python helper script (
scripts/read_url.py) designed to be executed by the agent to fetch and process web content. The script uses standard libraries and includes a feature to save output to a local file when requested by the user. - [EXTERNAL_DOWNLOADS]: The skill makes network requests to
https://r.jina.ai/, a well-known service provided by Jina AI for reading web pages. These requests are authenticated using theJINA_API_KEYenvironment variable, which is a standard and secure practice for handling credentials. - [PROMPT_INJECTION]: The skill processes untrusted external data from the public web, which represents a surface for indirect prompt injection. Ingestion points: Web content fetched via the Jina Reader API from arbitrary URLs. Boundary markers: None explicitly defined in the instructions to isolate fetched content. Capability inventory: File system writes via the
--outputflag and network read operations. Sanitization: No specific content filtering is performed on the incoming Markdown data. This risk is inherent to the tool's primary function and is addressed by instructional guidance for the agent and user oversight.
Audit Metadata