writing-skills
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The files persuasion-principles.md and CLAUDE_MD_TESTING.md contain patterns designed to override agent behavior and bypass typical reasoning. Specifically, they advocate for the use of "Authority" and "Commitment" principles (e.g., "YOU MUST", "No exceptions", "If you didn't use it, you failed") to force compliance even under pressure or when the agent has a working alternative.
- COMMAND_EXECUTION (MEDIUM): The script render-graphs.js uses child_process.execSync to run the system dot command. While it passes data via stdin, executing system binaries on data extracted from external files is a security risk if the binary has known vulnerabilities.
- INDIRECT_PROMPT_INJECTION (HIGH):
  - Ingestion points: render-graphs.js reads content from SKILL.md files using the fs module.
  - Capability inventory: The script executes the dot binary via execSync to process the extracted content.
  - Boundary markers: None present. The script uses a simple regex to identify blocks and does not use any delimiters to separate instructions from data for the utility.
  - Sanitization: None. The script extracts raw strings and pipes them directly into a system subprocess.
- METADATA_POISONING (MEDIUM): CLAUDE_MD_TESTING.md serves as a blueprint for modifying the agent's core operational instructions (CLAUDE.md) to ensure strict obedience to external skill files, potentially sidelining the agent's own safety or logic protocols.
Recommendations
- AI detected serious security threats