markdown-to-epub-converter
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, NO_CODE)
Full Analysis
- [DATA_EXFILTRATION] (HIGH): The skill accepts a local 'File Path' as input for conversion. This allows an attacker to request the reading of sensitive system files (e.g., /etc/passwd, ~/.ssh/id_rsa) which are then packaged into an EPUB for retrieval, effectively exfiltrating host data.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection due to processing untrusted Markdown data.
  - Ingestion points: Raw text input and local file paths specified in SKILL.md.
  - Boundary markers: Absent; there are no instructions to ignore embedded commands in the source markdown.
  - Capability inventory: File system read access and EPUB file generation (write).
  - Sanitization: None described; the agent is instructed to transform the markdown into structure without content validation.
- [NO_CODE] (INFO): The referenced scripts 'epub_generator.py' and 'markdown_processor.py' are not included in the skill package. This lack of source code prevents verification of safe shell command execution or file path sanitization.
- [COMMAND_EXECUTION] (MEDIUM): The skill implies the execution of Python scripts to process user-provided data. Without the source code, it is unclear if user-controlled filenames or content are safely handled when passed to system processes.
Recommendations
- AI detected serious security threats