writing-skills

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The render-graphs.js script uses child_process.execSync to run the dot utility and the which command. This allows the skill to execute subprocesses on the underlying operating system.
  • [PROMPT_INJECTION]: The skill instructions frequently use imperative and absolute language (e.g., 'YOU MUST', 'No exceptions', 'Delete means delete') designed to override the agent's internal reasoning and safety filters. The file persuasion-principles.md explicitly advocates for using psychological 'Authority' and 'Commitment' principles to increase compliance rates.
  • [PROMPT_INJECTION]: The testing methodology in testing-skills-with-subagents.md utilizes role-playing scenarios and pressure markers such as 'IMPORTANT: This is a real scenario', which are functionally identical to common jailbreak patterns.
  • [COMMAND_EXECUTION]: The render-graphs.js utility processes external input from SKILL.md files and feeds it into the dot system binary without sanitization, creating a surface for potential command-related exploits if the underlying binary is vulnerable.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 1, 2026, 12:35 AM