zlib-download

Fail

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts/setup.sh script downloads a compiled binary for Anna's Archive from a third-party GitHub repository (iosifache/annas-mcp) which is not an official or trusted vendor source.
  • [REMOTE_CODE_EXECUTION]: The installation process involves fetching a remote file, extracting it, and manually setting execution permissions using chmod +x before running the binary at runtime.
  • [COMMAND_EXECUTION]: The scripts/book.py script executes the external annas-mcp tool via subprocess.run, passing environment variables and user-derived arguments to the process.
  • [CREDENTIALS_UNSAFE]: Sensitive Z-Library login credentials (email and password) are stored in plaintext within a local .env file at ~/.claude/book-tools/.env. Authentication tokens are also cached in a local config.json file.
  • [PROMPT_INJECTION]: The skill processes untrusted metadata from external search backends and presents it to the agent.
      1. Ingestion points: Book titles, authors, and descriptions are retrieved from the Z-Library API and Anna's Archive CLI.
      2. Boundary markers: No boundary markers or 'ignore' instructions are used to separate untrusted data from the agent's instructions.
      3. Capability inventory: The skill has the ability to execute subprocesses, write files, and perform network requests.
      4. Sanitization: No content sanitization is performed on search results before they are displayed.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 27, 2026, 08:03 PM