epub
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): Surface for indirect prompt injection from processed EPUB content.
  * Ingestion points: User-provided EPUB files are read by the 'full', 'chapter', and 'search' commands.
  * Boundary markers: No explicit delimiters or 'ignore' instructions are used to separate ebook content from agent instructions in the output.
  * Capability inventory: The skill executes a local Node.js script to read files and then interprets the resulting text.
  * Sanitization: Uses 'turndown' for structural conversion, which does not filter out potential natural language instructions.
- COMMAND_EXECUTION (SAFE): Executes a local TypeScript-compiled Node.js script. This is the intended behavior and is restricted to the skill's installation directory.
- EXTERNAL_DOWNLOADS (SAFE): Standard dependencies are pulled from NPM during installation; no runtime remote code execution or untrusted downloads were found.