writing-skills

Warn

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The file render-graphs.js uses child_process.execSync to invoke the system dot binary. Although the command string is static and input is passed via stdin, running a system-level binary on content parsed from markdown files (SKILL.md) means that crafted content could exploit potential vulnerabilities in the underlying rendering engine (Graphviz).
  • [PROMPT_INJECTION] (LOW): The files persuasion-principles.md and examples/CLAUDE_MD_TESTING.md describe and test techniques designed to force agent compliance. These include using 'Authority' patterns (e.g., "YOU MUST", "No exceptions") and XML-like structural markers to override an agent's default decision-making process. While intended for skill adherence, these patterns mirror adversarial prompt injection techniques used to bypass standard safety or logic constraints.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 22, 2026, 04:54 AM