writing-skills

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE; flagged categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (LOW): The files examples/CLAUDE_MD_TESTING.md and persuasion-principles.md contain emphatic directives and psychological triggers (e.g., 'THIS IS EXTREMELY IMPORTANT', 'YOU MUST', 'No exceptions') designed to override default AI behavior.
      • Evidence: Variant C in CLAUDE_MD_TESTING.md explicitly uses XML-like tagging and urgent language to force compliance.
      • Context: These patterns are justified by the skill's primary purpose of teaching/testing instruction enforcement, resulting in a severity downgrade.
  • COMMAND_EXECUTION (SAFE): The script render-graphs.js uses child_process.execSync to run the system dot command.
      • Evidence: execSync('dot -Tsvg', { input: dotContent }) in render-graphs.js.
      • Mitigation: The script safely passes content via standard input rather than shell arguments, reducing command injection risks.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill has an ingestion surface where render-graphs.js processes SKILL.md content.
      • Ingestion Points: render-graphs.js reads SKILL.md from the local directory.
      • Boundary Markers: Uses markdown code block delimiters (```dot).
      • Capability Inventory: Ability to execute dot and write SVG files to a diagrams/ subdirectory.
      • Sanitization: Regex-based extraction of dot blocks, but lacks content validation of the Graphviz DSL.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 18, 2026, 06:50 PM