ljg-xray-book

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): Shell command injection vulnerability in Step 5. The skill executes the command open ~/Documents/notes/{filename} via Bash, where {filename} is constructed using a book title that can be provided by the user or fetched from the web. A malicious book title such as mybook; rm -rf ~; would result in the execution of unintended and potentially destructive shell commands.
  • [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection vulnerability.
  • Ingestion points: Step 1 (book content, links, and results from WebSearch).
  • Boundary markers: None present; the skill does not use delimiters or explicit instructions to ignore embedded commands within the book source text.
  • Capability inventory: File writing (Write tool to ~/Documents/notes/), shell command execution (Bash for date and open), and network access (WebSearch).
  • Sanitization: Absent; external content is processed directly for structure extraction and used to generate filenames, allowing a malicious payload in a book to hijack agent logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:11 AM