jina-read-url

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill retrieves Markdown content from Jina Reader's official service, which is a well-known tool for converting web pages into a format suitable for AI agents.
  • [DATA_EXFILTRATION]: The scripts/read_url.py script transmits user-provided target URLs to the Jina Reader API. It also correctly handles the JINA_API_KEY from the environment to provide authenticated access to the service.
  • [COMMAND_EXECUTION]: The skill executes scripts/read_url.py, which is a local Python script. This script contains functionality to write fetched data to a local file path if the --output flag is provided by the agent or user.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes untrusted content from the public web.
  • Ingestion points: External content enters the agent context via the output of scripts/read_url.py as described in SKILL.md.
  • Boundary markers: The SKILL.md instructions guide the agent to inspect the content for completeness and metadata, though the script does not use specific structural delimiters to isolate the untrusted output.
  • Capability inventory: The agent can perform network requests and write to the local filesystem through the provided Python script.
  • Sanitization: The script decodes the fetched Markdown content but does not perform additional sanitization or filtering of potential instructions embedded within the source content.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 11:09 AM
Security Audit — agent-trust-hub — jina-read-url