skills/giulioco/skills/learn-craft/Gen Agent Trust Hub

learn-craft

Warn

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes a bundled Python script (scripts/libgen.py) to search for and download PDF documents from libgen.li. This is an unofficial, third-party source not associated with the vendor or a trusted organization.
  • [COMMAND_EXECUTION]: The orchestrator uses shell commands to execute the bundled libgen.py script and to spawn subagents for parallel processing of downloaded documents. It constructs paths dynamically using a user-provided 'slug'.
  • [REMOTE_CODE_EXECUTION]: The skill performs automated network operations to an unverified external domain (libgen.li) to fetch binary data. While the data is intended to be PDFs, downloading and processing files from non-trusted external sources introduces a vector for secondary attacks.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection.
  • Ingestion points: Untrusted PDF files downloaded from a shadow library are ingested and read 'cover to cover' by subagents.
  • Boundary markers: Absent. The instructions to subagents do not include delimiters or specific ignore-instructions for the external content.
  • Capability inventory: The agent has capabilities to execute shell scripts, write to the filesystem, and perform network requests.
  • Sanitization: No validation or sanitization of the PDF content or the resulting synthesized text is mentioned, allowing malicious instructions embedded in a book to potentially influence the agent's behavior during synthesis.
  • [COMMAND_EXECUTION]: The skill generates new executable 'skills' in the ~/.claude/skills/ directory. While this is the intended purpose, it involves script generation that will be executed in future sessions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 24, 2026, 09:29 PM