writing-skills
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script `render-graphs.js` serves as a utility for converting Graphviz DOT blocks in markdown files into SVG images. It invokes the system's local `dot` binary using `child_process.execSync` with content passed via standard input to prevent command injection, and it employs strict alphanumeric validation for graph names to mitigate path traversal risks during file generation.
- [PROMPT_INJECTION]: The skill includes documentation (e.g., `persuasion-principles.md` and `testing-skills-with-subagents.md`) that guides the author on using authoritative framing and commitment-based instructions to improve the agent's adherence to discipline-enforcing workflows. These techniques are focused on process reliability and do not target the bypass of safety guardrails or core system prompts.
- [EXTERNAL_DOWNLOADS]: Documentation within the skill contains image references pointing to `mintcdn.com`, the content delivery network for official Anthropic documentation. These references are used for instructional support and do not involve the execution of untrusted external code.
Audit Metadata