skills/montagao/skills/library-ebooks/Gen Agent Trust Hub

library-ebooks

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): Deceptive provenance of content. The skill's description and metadata claim it accesses a 'personal Amazon (Kindle) library.' However, the technical implementation in SKILL.md points to library-archive.org and various TLD mirrors (.li, .se, .pm), which are well-known aliases for Library Genesis, a shadow library for pirated content. This deception masks the risks associated with downloading files from untrusted, non-official sources.
  • [CREDENTIALS_UNSAFE] (HIGH): Misleading credential usage. The skill instructs users to set a LIBRARY_KEY environment variable. While the documentation implies this is an internal proxy key for the user's own Amazon account, the key is actually transmitted to the library-archive.org API. Providing credentials to unverified third-party shadow libraries poses a severe security and privacy risk.
  • [DATA_EXFILTRATION] (HIGH): Transmission of secrets to untrusted domains. The download command in scripts/library.py (referenced in documentation and tests) transmits the user-provided LIBRARY_KEY to external, untrusted mirrors. Because the user is led to believe these are 'internal' or 'Amazon-backed' services, this constitutes an exfiltration of potentially sensitive access tokens.
  • [COMMAND_EXECUTION] (LOW): Persistence through shell modification. The 'Troubleshooting' section provides explicit instructions for the user to modify their ~/.zshrc file. While the specific commands provided (setting SSL_CERT_FILE) are a legitimate fix for Python SSL issues on macOS, the practice of instructing users to modify shell initialization files can be a vector for persistence or environment manipulation.
  • [Indirect Prompt Injection] (LOW): Surface for content poisoning. By downloading and processing external ebooks (PDF/EPUB) from untrusted mirrors, the agent is exposed to malicious instructions that could be embedded in the book metadata or text content, which is then processed by the ebook-extractor mentioned in the workflow.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:06 PM