make-ebook
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes the `pandoc/latex:3.8` Docker image within a GitHub Actions environment. This is a well-known service provided by the Pandoc community and is considered a safe external dependency for its intended purpose.
- [COMMAND_EXECUTION]: The skill is designed to create file content for `.github/workflows/ebook.yml` and trigger workflow runs via the GitHub API. These operations are necessary for the skill's primary function of automating document builds.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8) due to its dependency on repository content for configuration and document generation.
  - Ingestion points: The skill reads `README.md`, all files in `docs/**/*.md`, and the `.bookorder` file to determine build order and content.
  - Boundary markers: No specific delimiters or directives are used to signal the agent to ignore instructions embedded within the processed markdown files.
  - Capability inventory: The agent has the capability to write to the repository's CI/CD configuration (`.github/workflows/ebook.yml`) and trigger external automated tasks.
  - Sanitization: The skill does not implement explicit sanitization or validation of the markdown content before it is used to structure the GitHub Actions workflow or the final ebook output.
Audit Metadata