writing-skills
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- PROMPT_INJECTION (HIGH): The file persuasion-principles.md provides a comprehensive guide for bypassing agent rationalization and internal judgment. It explicitly encourages the use of 'Authority' and 'Commitment' principles to create imperative, non-negotiable instructions like 'YOU MUST' and 'No exceptions' to eliminate 'decision fatigue,' which serves as a blueprint for behavioral override.
- PROMPT_INJECTION (MEDIUM): AGENTS_MD_TESTING.md includes 'Variant C' instructions that use emphatic framing and guilt-based compliance ('If you didn't use it, you failed') to coerce the agent into specific actions regardless of the actual necessity of the task.
- COMMAND_EXECUTION (HIGH): The script render-graphs.js uses child_process.execSync to pass content extracted directly from a markdown file (SKILL.md) into the system's dot (Graphviz) binary. This presents a code execution risk if the input markdown contains malicious graph attributes or exploits vulnerabilities in the host's Graphviz installation.
- DATA_EXFILTRATION (LOW): While not explicitly exfiltrating data, render-graphs.js reads arbitrary file content from the filesystem (based on command-line arguments) and writes processed outputs to a diagrams/ directory. This pattern could be leveraged to read and reformat sensitive documentation into visual formats for later capture.
Recommendations
- AI detected serious security threats
Audit Metadata