book-study
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No high-severity security issues were detected. The skill's operations are confined to the local filesystem for managing reading notes and study plans.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests untrusted data from external files (PDF, txt, md) and user-provided notes. However, the impact is low as the agent lacks network access and arbitrary code execution tools. Ingestion points: 'ingest' command in SKILL.md. Boundary markers: None explicitly defined. Capability inventory: Limited to reading and writing markdown files in the book-wiki/ directory. Sanitization: Not performed on ingested text content.
- [DATA_EXFILTRATION]: The ingestion process allows reading local files via user-provided paths. While intended for study materials, this could be used to read sensitive local data if an attacker directs the agent to a sensitive path. The risk is minimized as the skill does not support data exfiltration over the network.
Audit Metadata