jina-reader

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to https://r.jina.ai/, a well-known service used to read and convert web pages to Markdown. The implementation uses standard Python libraries for network communication.
  • [COMMAND_EXECUTION]: The skill includes a Python script scripts/read_url.py that handles URL normalization and API interaction. The script allows for writing output to a local file if the --output flag is used, which is consistent with its stated purpose of saving fetched artifacts.
  • [PROMPT_INJECTION]: The skill operates as an ingestion point for arbitrary public web content, creating an indirect prompt injection surface where malicious instructions on a fetched page could attempt to influence the agent.
  • Ingestion points: scripts/read_url.py fetches data from any public HTTP/HTTPS URL.
  • Boundary markers: The fetched content is printed or saved as Markdown without specific delimiters or instructions to the LLM to ignore embedded commands.
  • Capability inventory: The skill can read network resources and write content to local files.
  • Sanitization: No sanitization or filtering is applied to the fetched Markdown before it is returned to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 11:09 AM
Security Audit — agent-trust-hub — jina-reader