learn-craft
Warn
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes a bundled Python script (
scripts/libgen.py) to search for and download PDF documents fromlibgen.li. This is an unofficial, third-party source not associated with the vendor or a trusted organization. - [COMMAND_EXECUTION]: The orchestrator uses shell commands to execute the bundled
libgen.pyscript and to spawn subagents for parallel processing of downloaded documents. It constructs paths dynamically using a user-provided 'slug'. - [REMOTE_CODE_EXECUTION]: The skill performs automated network operations to an unverified external domain (
libgen.li) to fetch binary data. While the data is intended to be PDFs, downloading and processing files from non-trusted external sources introduces a vector for secondary attacks. - [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection.
- Ingestion points: Untrusted PDF files downloaded from a shadow library are ingested and read 'cover to cover' by subagents.
- Boundary markers: Absent. The instructions to subagents do not include delimiters or specific ignore-instructions for the external content.
- Capability inventory: The agent has capabilities to execute shell scripts, write to the filesystem, and perform network requests.
- Sanitization: No validation or sanitization of the PDF content or the resulting synthesized text is mentioned, allowing malicious instructions embedded in a book to potentially influence the agent's behavior during synthesis.
- [COMMAND_EXECUTION]: The skill generates new executable 'skills' in the
~/.claude/skills/directory. While this is the intended purpose, it involves script generation that will be executed in future sessions.
Audit Metadata