book-installer
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION]: The skill installs and executes several shell scripts to manage infrastructure and monitoring. This includes the 'Skill Tracker' which installs persistent hooks in `~/.claude/settings.json` (UserPromptSubmit, PreToolUse, PostToolUse) to monitor all agent interactions. It also includes a cover generation script that uses browser automation on macOS requiring Accessibility permissions to control the user's browser.
- [DATA_EXFILTRATION]: The `feedback.js` component includes functionality to transmit telemetry, including page URLs, timestamps, and user agent strings, to an external endpoint that can be defined by the user in the `mkdocs.yml` configuration.
- [EXTERNAL_DOWNLOADS]: The project templates and snippets configure the resulting textbook to load multiple third-party JavaScript libraries from public CDNs. These include `vis-network` (from unpkg.com), `KaTeX` and `MathJax` (from jsdelivr.net or unpkg.com), and `Giscus` (from giscus.app). While these are common libraries, they represent a remote script execution surface in the generated site.
- [DATA_EXPOSURE]: The 'Skill Tracker' functionality creates a local log of every prompt the user sends to the AI agent, along with session IDs and execution metadata, in the `~/.claude/activity-logs/` directory. This results in a permanent record of all user interactions with the AI across all projects.
Audit Metadata