jina-read-url
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves Markdown content from Jina Reader's official service, which is a well-known tool for converting web pages into a format suitable for AI agents.
- [DATA_EXFILTRATION]: The
scripts/read_url.pyscript transmits user-provided target URLs to the Jina Reader API. It also correctly handles theJINA_API_KEYfrom the environment to provide authenticated access to the service. - [COMMAND_EXECUTION]: The skill executes
scripts/read_url.py, which is a local Python script. This script contains functionality to write fetched data to a local file path if the--outputflag is provided by the agent or user. - [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes untrusted content from the public web.
- Ingestion points: External content enters the agent context via the output of
scripts/read_url.pyas described inSKILL.md. - Boundary markers: The
SKILL.mdinstructions guide the agent to inspect the content for completeness and metadata, though the script does not use specific structural delimiters to isolate the untrusted output. - Capability inventory: The agent can perform network requests and write to the local filesystem through the provided Python script.
- Sanitization: The script decodes the fetched Markdown content but does not perform additional sanitization or filtering of potential instructions embedded within the source content.
Audit Metadata