audit-book-writing-v1

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill does not contain any detected malicious patterns such as prompt injection, obfuscation, or persistence mechanisms. Its behavior is consistent with its stated purpose of assisting in audit book writing.
  • [DATA_EXFILTRATION]: The skill includes instructions to interact with a local Zotero reference management instance via curl on localhost:23119. This is a legitimate integration for academic and professional writing, and because it targets the local loopback address, it does not constitute exfiltration to a remote attacker.
  • [COMMAND_EXECUTION]: The skill utilizes standard tools such as Bash, Grep, and WebFetch. The provided examples are limited to searching local markdown files and fetching data from official regulatory websites (e.g., CICPA, National Audit Office). These operations are scoped to the skill's research functions.
  • [INDIRECT_PROMPT_INJECTION]: The skill's workflow involves ingesting data from external web sources via WebSearch and WebFetch. This presents a theoretical surface for indirect prompt injection if an attacker-controlled website contains malicious instructions. However, the skill provides extensive manual and automated verification guidelines (the 4-round review process and DATA_VERIFICATION.md) to mitigate the risk of incorporating untrusted or fabricated content.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 11:23 PM
Security Audit — agent-trust-hub — audit-book-writing-v1