writing-skills
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The file `render-graphs.js` executes system-level commands using the `child_process` module.
  - Evidence: Uses `execSync('dot -Tsvg', { input: dotContent })` to render diagrams.
  - Evidence: Executes `which dot` to check for binary availability.
  - Risk: While the script uses stdin for data passing, it relies on an external system binary (`dot`) and executes code based on content extracted from markdown files.
- [PROMPT_INJECTION] (LOW): The file `persuasion-principles.md` provides a framework for overriding AI 'rationalization' using imperative language.
  - Evidence: Recommends using 'Authority' markers such as "YOU MUST", "Never", and "No exceptions".
  - Evidence: Explicitly suggests these techniques "ensure critical practices are followed even under pressure" and "eliminate decision fatigue".
  - Risk: These instructions are meta-prompts that teach how to bypass standard AI reasoning and constraints, effectively documenting injection-style behavior.
- [INDIRECT_PROMPT_INJECTION] (LOW): The rendering script creates a surface for indirect instruction processing.
  - Ingestion points: Reads `SKILL.md` from the local file system.
  - Boundary markers: Uses regex to isolate ```dot blocks.
  - Capability inventory: Performs file system reads/writes and subprocess execution via `execSync`.
  - Sanitization: No validation or sanitization is performed on the content of the `dot` blocks before passing them to the system command.
- [DATA_EXPOSURE] (SAFE): File system operations are restricted to reading the skill's own markdown and writing SVG outputs to a local `diagrams` directory.