jina-reader
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to
https://r.jina.ai/, a well-known service used to read and convert web pages to Markdown. The implementation uses standard Python libraries for network communication. - [COMMAND_EXECUTION]: The skill includes a Python script
scripts/read_url.pythat handles URL normalization and API interaction. The script allows for writing output to a local file if the--outputflag is used, which is consistent with its stated purpose of saving fetched artifacts. - [PROMPT_INJECTION]: The skill operates as an ingestion point for arbitrary public web content, creating an indirect prompt injection surface where malicious instructions on a fetched page could attempt to influence the agent.
- Ingestion points:
scripts/read_url.pyfetches data from any public HTTP/HTTPS URL. - Boundary markers: The fetched content is printed or saved as Markdown without specific delimiters or instructions to the LLM to ignore embedded commands.
- Capability inventory: The skill can read network resources and write content to local files.
- Sanitization: No sanitization or filtering is applied to the fetched Markdown before it is returned to the agent context.
Audit Metadata