Skills
skills/guanyang/antigravity-skills/writing-skills/Gen Agent Trust Hub

writing-skills

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The file render-graphs.js utilizes child_process.execSync to run the system utility 'dot'.
  • Evidence: execSync('dot -Tsvg', { input: dotContent, ... }) in render-graphs.js.
  • Risk: The input data is extracted directly from the content of a markdown file. This pattern involves executing system tools on potentially untrusted content, which could lead to command injection or exploit vulnerabilities within the Graphviz parser itself.
  • [PROMPT_INJECTION] (LOW): The persuasion-principles.md file advocates for the use of authoritative language and commitment framing to ensure AI compliance.
  • Evidence: Encourages using imperatives like 'YOU MUST', 'Always', and 'No exceptions'.
  • Risk: These patterns are identical to those used in adversarial prompt injection to override system constraints or bypass safety filters.
  • [DATA_EXFILTRATION] (SAFE): No evidence of unauthorized data access, credential exposure, or network exfiltration was found.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:05 PM