ebook-analysis
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to indirect prompt injection because it ingests untrusted data from external sources and interpolates it into report templates without sanitization or boundary markers.
  - Ingestion points: Ebook titles, descriptions, and comments are read from a Calibre SQLite database in scripts/calibre-db.ts; markdown content is parsed in scripts/kb-generate-index.ts.
  - Boundary markers: No delimiters or defensive instructions (e.g., 'ignore embedded instructions') are used when interpolating variables like {EXACT_QUOTE} or {DESCRIPTION} in templates/analysis-report.md.
  - Capability inventory: The skill possesses the ability to read and write to the local file system and perform SQLite database queries.
  - Sanitization: There is no evidence of sanitization or safety-filtering for ingested strings before they are presented to the agent context.
- External Downloads (SAFE): The skill imports standard Deno modules from trusted registries including deno.land and jsr.io. These are versioned and considered standard for the skill's development environment. Per [TRUST-SCOPE-RULE], these references are marked SAFE/INFO.
- Data Exposure (SAFE): Local file system and environment variable access (BOOKS_DIR) are restricted to the skill's operational requirements for ebook management and are not used for exfiltration.
Audit Metadata