webread
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of external tools including 'webread' (via npm) and 'twitter-cli' (via Homebrew), which are vendor-provided resources, and '@larksuite/cli' (via npm), a tool from a well-known service.
- [COMMAND_EXECUTION]: The skill executes complex bash commands to automate browser navigation via a local daemon and to process downloaded images. While input variables are quoted, the complexity of shell execution on data derived from the internet increases the attack surface.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection when processing web content.
- Ingestion points: Content is read from external URLs via the 'webread' and 'lark-cli' tools in the SKILL.md workflow.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to treat the fetched content as untrusted data.
- Capability inventory: The skill utilizes bash for file system operations and network requests.
- Sanitization: Content is converted to Markdown, which provides structural cleaning but does not prevent embedded natural language instructions from influencing the AI.
Audit Metadata