writing-skills
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): The files
examples/CLAUDE_MD_TESTING.mdandpersuasion-principles.mdemploy high-pressure instructional patterns such as "THIS IS EXTREMELY IMPORTANT," "If a skill existed... and you didn't use it, you failed," and "No exceptions." These tactics are specifically designed to override an agent's standard reasoning and safety decision-making in favor of rigid compliance. - [COMMAND_EXECUTION] (MEDIUM): The script
render-graphs.jsuseschild_process.execSyncto invoke the externaldot(Graphviz) binary. While the script passes input viastdinrather than shell interpolation, it still enables the execution of system-level software based on the contents of markdown files. - [INDIRECT_PROMPT_INJECTION] (LOW): The utility script processes external data which could be manipulated to influence the host system through Graphviz.
- Ingestion points: Reads
SKILL.mdfiles from user-defined directories usingfs.readFileSync. - Boundary markers: Uses markdown code blocks (```dot) as markers to extract content.
- Capability inventory: Performs file writes (
fs.writeFileSync), directory creation (fs.mkdirSync), and system command execution (execSync). - Sanitization: There is no validation or sanitization of the extracted DOT content before it is passed to the system binary.
Audit Metadata