book-study
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it incorporates external, untrusted content into its long-term knowledge base.
  - Ingestion points: Data enters the agent's context through user-provided notes, verbal summaries, and local file paths (PDF, TXT, MD) as defined in the 'Phase 2: Read + Compile (Ingest)' section of SKILL.md.
  - Boundary markers: The skill instructions do not provide delimiters or specific guidance to the agent to disregard instructions that might be embedded within the ingested books or user notes.
  - Capability inventory: The skill performs file reads (ingesting external documents), file writes (creating and updating the 'book-wiki/'), and high-level knowledge synthesis (summarizing and querying concepts).
  - Sanitization: There is no evidence of content validation, escaping, or filtering of the external data before it is stored in the wiki or used in subsequent Socratic questioning phases.