book-skill-generator

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes the local Python script scripts/parse_book.py using python3 to transform OCR JSON data into structured Markdown files.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted OCR text and incorporates it into the instructions and descriptions of newly generated skills.
  • Ingestion points: Data is read from the user-provided file path (<OCR_JSON_PATH>) in SKILL.md.
  • Boundary markers: The Python script identifies content using the > prefix, which acts as a structural delimiter but does not provide security against embedded malicious instructions.
  • Capability inventory: The skill uses the Write tool to install new skills in ~/.claude/skills/, the Read tool to access local files, and the Task tool for parallel sub-agent processing.
  • Sanitization: Extracted text is directly interpolated into Markdown templates without semantic validation or instruction filtering.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 02:37 PM
Security Audit — agent-trust-hub — book-skill-generator