skill-from-book
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is designed to ingest and process text from external sources (e.g., book.md), which represents a surface for indirect prompt injection. Malicious instructions within the source book could potentially influence the behavior of the extraction subagents.\n
- Ingestion points:
references/extraction-patterns.mddefines subagent tasks that read source book content.\n - Boundary markers: While task instructions define specific line ranges, the prompt templates lack explicit delimiters or instructions to ignore embedded commands within the source text.\n
- Capability inventory: The skill includes filesystem write capabilities via
scripts/init-book-skill.pyand suggests shell command execution inreferences/analysis-guide.md.\n - Sanitization: No input validation or sanitization of the source material is mentioned in the guides or the utility script.\n- COMMAND_EXECUTION (SAFE): The
scripts/init-book-skill.pyutility and the shell commands recommended inreferences/analysis-guide.md(such as wc and grep) are benign. The Python script uses standard libraries (argparse, os, pathlib) to create a project structure and write boilerplate text without any unsafe execution patterns or external dependencies.
Audit Metadata