book-to-skill
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): Privilege escalation risk in documentation (Category 5). The 'workflows/convert-formats.md' file includes 'sudo' commands for installing external utilities. Downgraded from HIGH to MEDIUM as it is part of the primary setup workflow and intended for user-mediated installation.
- [PROMPT_INJECTION] (LOW): Vulnerability to Indirect Prompt Injection (Category 8). The skill processes untrusted input to generate executable instructions and persistent skill content. Evidence: (1) Ingestion points: Untrusted .txt book files processed in 'workflows/analyze-book.md' and 'workflows/convert-book.md'. (2) Boundary markers: Absent; no delimiters are used to wrap or isolate book content. (3) Capability inventory: File-system write operations to create new skills and directories. (4) Sanitization: None identified; extraction logic does not filter for embedded instructions in book text.
- [EXTERNAL_DOWNLOADS] (LOW): External dependencies (Category 4). The skill relies on Calibre and Pandoc for format conversion. These are reputable tools but represent external code dependencies required for functionality.
Audit Metadata