writing-skills

Warn

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: MEDIUM | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • Prompt Injection (MEDIUM): The files 'persuasion-principles.md' and 'CLAUDE_MD_TESTING.md' utilize high-pressure language (e.g., 'YOU MUST', 'No exceptions', 'you failed') and authoritative framing to override the agent's default decision-making process. This mimics adversarial prompt injection techniques to force compliance.
  • Command Execution (MEDIUM): 'render-graphs.js' uses 'child_process.execSync' to invoke the system 'dot' binary. It processes content directly from 'SKILL.md', creating a risk of local command execution if the input is maliciously crafted.
  • Indirect Prompt Injection (LOW): The skill exposes a surface for indirect injection by processing external markdown files. 1. Ingestion points: 'render-graphs.js' (reading SKILL.md). 2. Boundary markers: Absent for the dot code blocks. 3. Capability inventory: 'execSync' calls in 'render-graphs.js'. 4. Sanitization: No input validation or escaping is performed on the dot content before execution.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 22, 2026, 08:52 AM