pages
Warn
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Suggests creating a persistence mechanism using a cron job (
*/30 7-22 * * *) to execute periodic status checks ('Pages: check'). - [COMMAND_EXECUTION]: Uses shell commands including
grep,ls, andmkdirto manage and search the local book repository inkyp/pages/. - [PROMPT_INJECTION]: Contains an indirect prompt injection surface by instructing the agent to search the web and confirm book metadata (title, author, year) before saving files.
- Ingestion points: Web search results used to populate book markdown files (SKILL.md, 'Saving a Book' section).
- Boundary markers: Absent; no instructions provided to ignore or delimit instructions found in web content.
- Capability inventory: Local file system read/write via
mkdir,grep,ls, and markdown file generation. - Sanitization: Absent; the skill does not specify validation or sanitization of content retrieved from the web.
- [EXTERNAL_DOWNLOADS]: Fetches skill updates and configuration files from the author's official GitHub repository (
github.com/Know-Your-People/pages-skill).
Audit Metadata