Skills
skills/ratacat/claude-skills/ebook-extractor/Gen Agent Trust Hub

ebook-extractor

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOWPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill parses untrusted external files (EPUB, MOBI, PDF) and returns their raw text content to the agent. This content could contain malicious instructions designed to influence the agent's behavior.
  • Ingestion points: Files are read in extract_epub.py, extract_mobi.py, and extract_pdf.py.
  • Boundary markers: Absent; there are no delimiters or instructions to ignore embedded text.
  • Capability inventory: The text is returned to the agent for processing.
  • Sanitization: Only HTML tags are removed (in EPUB); text content is unvalidated.
  • [Command Execution] (LOW): The script extract_mobi.py executes the system command ebook-convert. While it uses subprocess.run with a list of arguments (mitigating shell injection), it relies on an external binary to process potentially malformed user data.
  • [External Downloads] (LOW): The setup.sh script installs third-party Python packages (ebooklib, beautifulsoup4, PyMuPDF) and suggests installing Calibre. These are standard, well-known tools, making the risk low per [TRUST-SCOPE-RULE].
Audit Metadata
Risk Level
LOW
Analyzed
Feb 16, 2026, 12:44 AM