epub-creator
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill uses subprocess.run to invoke the epubcheck utility. It avoids the shell=True parameter and uses a strict sanitization regex on titles (allowing only alphanumeric, spaces, and dashes) which prevents arbitrary command injection.
- [DATA_EXFILTRATION] (SAFE): The skill reads local markdown and image files and writes to a local EPUB file. No network operations, external requests, or data exfiltration attempts were found.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded API keys, tokens, or sensitive credentials were found. Path references are relative or user-provided and do not target system sensitive files.
- [PROMPT_INJECTION] (SAFE): The skill's metadata and instructions are task-oriented and do not contain any patterns designed to bypass safety filters or override agent behavior.
- [DYNAMIC_EXECUTION] (SAFE): YAML metadata is parsed using yaml.safe_load, which is the secure practice for avoiding arbitrary code execution during deserialization.
Audit Metadata