weread
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill relies on an external CLI tool, `weread-agent-cli`, which users are instructed to install globally via the npm package manager (`npm install -g weread-agent-cli`).
- [COMMAND_EXECUTION]: The skill operates by executing shell commands using the `weread` CLI. It interpolates user-provided data, such as search keywords and book titles, into these commands. While the instructions use double quotes as a basic safeguard, there is a theoretical risk of command injection if the user input contains shell-sensitive characters that are not properly sanitized by the underlying CLI tool.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data retrieved via the WeRead API.
  1. Ingestion points: Data enters the agent context through CLI commands like `weread search` and `weread reviews list`.
  2. Boundary markers: The skill does not define delimiters for this external content.
  3. Capability inventory: The agent can execute shell commands via the `weread` CLI.
  4. Sanitization: No sanitization is specified for the API-returned content.
Audit Metadata