slax-reader
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `reader-cli` utility to perform various tasks such as adding, listing, and retrieving bookmarks. These commands are integral to the skill's purpose of managing a reading library.
- [CREDENTIALS_SAFE]: The skill includes explicit security rules for handling API keys, such as prioritizing interactive login and instructing the agent never to print keys in its output. It uses placeholders for sensitive parameters in example commands.
- [INDIRECT_PROMPT_INJECTION]: The skill fetches external content from the user's library in Markdown format, which presents a potential injection surface.
  - Ingestion points: Bookmark content retrieved via `reader-cli get <bookmark-id> --markdown` in SKILL.md.
  - Boundary markers: No specific delimiters are defined to isolate untrusted content from the prompt.
  - Capability inventory: The skill is limited to shell commands using the `reader-cli` tool.
  - Sanitization: There are no instructions for sanitizing or escaping the retrieved Markdown content before the agent processes it.
- [EXTERNAL_DEPENDENCY]: The skill relies on an external CLI tool provided by the vendor. It includes instructions for checking updates and syncing the skill via `reader-cli upgrade`, which is a standard maintenance procedure for such integrations.
Audit Metadata