Skills
skills/bighardperson/computer-science-skills-collection/BookNotes Reading Notes and Book Tracker/Gen Agent Trust Hub

BookNotes Reading Notes and Book Tracker

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes user-supplied text for book notes and quotes, which are persisted in local markdown files. This creates a surface for indirect prompt injection where malicious instructions could be embedded in the data and later influence the agent's behavior during summarization or retrieval tasks.
  • Ingestion points: User data is captured through conversational interactions and written to files such as notes.md and quotes.md via the addNote and addQuote methods in src/book-notes.js.
  • Boundary markers: The skill does not implement delimiters or explicit instructions to the agent to treat the retrieved content as potentially untrusted data.
  • Capability inventory: The skill possesses file system write capabilities (fs.appendFileSync, fs.writeFileSync) as seen in src/book-notes.js.
  • Sanitization: Input content is stored in its raw format without sanitization or filtering of embedded instructions or command patterns.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 01:02 AM
Security Audit — agent-trust-hub — BookNotes Reading Notes and Book Tracker