cli-anything-calibre

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and installs the cli-anything-calibre package directly from a GitHub repository (HKUDS/CLI-Anything.git).
  • [COMMAND_EXECUTION]: System-level binaries including calibredb, ebook-convert, and ebook-meta are wrapped and executed by the skill to perform library tasks.
  • [COMMAND_EXECUTION]: The documentation provides instructions for installing system dependencies using package managers (apt-get, brew), which involve administrative privileges.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from external sources, creating a surface for indirect prompt injection.
  • Ingestion points: External book files are added to the library (books add) and metadata is manipulated or searched (books search, meta set).
  • Boundary markers: No specific delimiters or "ignore instructions" warnings are documented for handling book content or metadata.
  • Capability inventory: The skill possesses significant capabilities including file system writes, file deletion, and shell command execution via the wrapped Calibre binaries.
  • Sanitization: There is no evidence of content sanitization or validation of data extracted from e-book files before it is processed by the harness.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 10:17 PM
Security Audit — agent-trust-hub — cli-anything-calibre