writing-skills
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The script `render-graphs.js` uses `child_process.execSync` to call the system `dot` binary. While it passes data via standard input rather than shell arguments, executing external binaries based on file content (the `SKILL.md` dot blocks) remains a security surface.
- [PROMPT_INJECTION] (MEDIUM): The files `persuasion-principles.md` and `CLAUDE_MD_TESTING.md` explicitly document and encourage the use of 'Authority' and 'Commitment' principles (e.g., using 'YOU MUST', 'No exceptions', 'Announce skill usage') to force AI compliance. These techniques are characteristic of prompt injection and are used to bypass an agent's autonomous reasoning or safety guidelines under the guise of 'discipline-enforcing' documentation.
- [DATA_EXPOSURE] (SAFE): The provided files do not contain hardcoded credentials or access sensitive user paths (like `~/.ssh`). The script only reads the specific `SKILL.md` provided via arguments and writes to a `diagrams` subdirectory.
- [EXTERNAL_DOWNLOADS] (SAFE): No network operations (curl, wget, fetch) were detected. The script requires `graphviz` to be pre-installed on the host system.
Audit Metadata