apple-books-mcp
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
apple-books-mcppackage from an external third-party repository via theuvxtool. - [COMMAND_EXECUTION]: The user is instructed to run shell commands using
npxanduvxto set up the MCP server environment. - [REMOTE_CODE_EXECUTION]: The skill relies on external code provided by the
apple-books-mcppackage, which executes locally to retrieve data from the Apple Books application. - [PROMPT_INJECTION]: The skill processes user-generated content from book highlights and notes, providing an entry point for indirect prompt injection.
- Ingestion points: Highlighted text and annotations retrieved from the Apple Books library.
- Boundary markers: The prompt lacks specific delimiters to separate user data from agent instructions.
- Capability inventory: Includes file reading through the MCP server and markdown file creation via Python scripts.
- Sanitization: No sanitization is performed on the extracted highlight text before it is used in markdown templates.
Audit Metadata