book-converter
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The script
scripts/convert_book.pyutilizessubprocess.runto executepandoc,date, andwc. These calls are implemented using argument lists rather than shell strings, which effectively mitigates shell injection risks. The operations are strictly functional for the book conversion process. - INDIRECT_PROMPT_INJECTION (LOW): The skill's workflow (Phase 2 and 3) involves an AI agent reading and formatting the text extracted from user-provided EPUB files. This creates a surface for indirect prompt injection if the book content contains adversarial instructions.
- Ingestion points:
raw/book-parsed.md(read by subagents during Phase 2/3). - Boundary markers: Absent; there are no specific delimiters to distinguish book content from agent instructions in the suggested prompts.
- Capability inventory: The agent is tasked with writing multiple files (
CHAPTER_MAP.md,FORMATTING_PLAN.md, and chapter files) and updating a progress file. - Sanitization: Absent; the content converted from EPUB is processed as raw Markdown without escaping or validation.
Audit Metadata