The Agent Skills Directory

[SAFE]: The skill performs its stated purpose of document conversion using standard procedures and provides clear user prompts and cost estimates before processing data. It also includes a cleanup step to remove temporary files from /tmp.
[COMMAND_EXECUTION]: The Python script extract.py executes system utilities like pdftotext and pdfinfo using subprocess.run. These calls are performed using lists for arguments rather than shell strings, which effectively mitigates the risk of command injection from user-provided file paths.
[EXTERNAL_DOWNLOADS]: The skill depends on several standard and widely-used Python packages (PyPDF2, docling, pdfminer.six, ebooklib, beautifulsoup4) for text extraction. These libraries are verifiable and commonly used in the technical community for document parsing tasks.
[PROMPT_INJECTION]: Because the skill processes external PDF and EPUB content, it possesses an indirect prompt injection attack surface. However, the risk is minimized by the skill's logic, which directs the agent to analyze, synthesize, and structure the content rather than performing raw text reproduction, thereby reducing the chance of accidental execution of embedded instructions.

book-to-skill