pdf-brain-ingest

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the joelclaw command-line utility to perform operations such as adding documents (joelclaw docs add), checking pipeline status, and monitoring ingestion runs.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes the aa-book tool to search for and download external documents based on search queries or MD5 hashes as part of the acquisition process.
  • [PROMPT_INJECTION]: The ingestion of PDF, Markdown, and TXT files into the agent's memory pipeline presents a surface for indirect prompt injection. Malicious instructions embedded in these files could be retrieved and processed by the agent during subsequent tasks.
      • Ingestion points: Documents are ingested via the joelclaw docs add command and the pipeline/book.download event described in SKILL.md and references/operator-guide.md.
      • Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are utilized when processing the content of the files.
      • Capability inventory: The agent can use the ingested content for search, indexing, and context retrieval within its memory systems.
      • Sanitization: There is no mention of sanitization or filtering logic to identify and neutralize instructions embedded within the ingested files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 16, 2026, 01:02 PM