writing-skills

Warn

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • PROMPT_INJECTION (MEDIUM): The files persuasion-principles.md and CLAUDE_MD_TESTING.md contain instructions designed to override agent behavior using 'Authority' and 'Commitment' principles. Examples include 'YOU MUST', 'No exceptions', and 'If a skill existed... and you didn't use it, you failed'. These patterns are intended to bypass the agent's natural decision-making process.
  • COMMAND_EXECUTION (MEDIUM): The script render-graphs.js uses child_process.execSync to call the system command dot. While it uses the input option to pipe data to stdin, it still constitutes dynamic command execution based on content parsed from SKILL.md.
  • INDIRECT_PROMPT_INJECTION (LOW): The render-graphs.js script ingests untrusted data from SKILL.md and passes it to a subprocess.
      • Ingestion points: SKILL.md (via fs.readFileSync in render-graphs.js).
      • Boundary markers: None detected for the DOT content extraction.
      • Capability inventory: execSync for system commands and fs.writeFileSync for file operations.
      • Sanitization: No sanitization is performed on the extracted DOT blocks before they are passed to the dot command.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 19, 2026, 03:55 PM