cli-anything-calibre
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and installs the
cli-anything-calibrepackage directly from a GitHub repository (HKUDS/CLI-Anything.git). - [COMMAND_EXECUTION]: System-level binaries including
calibredb,ebook-convert, andebook-metaare wrapped and executed by the skill to perform library tasks. - [COMMAND_EXECUTION]: The documentation provides instructions for installing system dependencies using package managers (
apt-get,brew), which involve administrative privileges. - [PROMPT_INJECTION]: The skill ingests untrusted data from external sources, creating a surface for indirect prompt injection.
- Ingestion points: External book files are added to the library (
books add) and metadata is manipulated or searched (books search,meta set). - Boundary markers: No specific delimiters or "ignore instructions" warnings are documented for handling book content or metadata.
- Capability inventory: The skill possesses significant capabilities including file system writes, file deletion, and shell command execution via the wrapped Calibre binaries.
- Sanitization: There is no evidence of content sanitization or validation of data extracted from e-book files before it is processed by the harness.
Audit Metadata