pdf-brain-ingest

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes commands through the joelclaw and aa-book CLI tools to manage ingestion workflows, monitor runs, and handle system status.
  • [EXTERNAL_DOWNLOADS]: The aa-book tool is used to search for and download PDF documents from external sources based on user queries, as part of the primary document acquisition workflow.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill processes untrusted external data from PDF, Markdown, and TXT files.
    • Ingestion points: Document data enters the system through the joelclaw docs add command and automated downloads via aa-book.
    • Boundary markers: There are no explicit delimiters or instructions provided to separate ingested document content from the agent's internal system prompts.
    • Capability inventory: The skill possesses the capability to execute shell commands, perform network operations via joelclaw send, and initiate file transfers via SSH/SCP for NAS backups.
    • Sanitization: No sanitization or content validation steps are documented for the text extracted from files prior to its ingestion into the memory pipeline.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 10:16 AM
Security Audit — agent-trust-hub — pdf-brain-ingest