bookstrap-ingest

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing untrusted data from external URLs and files through LLM-based tools for chunking and entity extraction.
      ◦ Ingestion points: Data enters via user-supplied file paths, directories, and URLs processed in SKILL.md.
      ◦ Boundary markers: Absent. The workflow does not specify delimiters or instructions for the LLM to ignore potentially malicious instructions embedded in the source documents.
      ◦ Capability inventory: The skill has access to Bash (executing python scripts), Read (accessing the filesystem), and WebFetch (accessing network resources).
      ◦ Sanitization: Absent. There is no evidence of filtering or escaping logic before content is passed to extraction scripts.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a sequence of local Python scripts, including scripts/ingest-file.py, which coordinates the ingestion pipeline.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes the WebFetch tool to retrieve content from external URLs provided as arguments for research ingestion.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 08:06 AM