NYC

capability-documentation

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The file render-graphs.js uses child_process.execSync to invoke the dot command. It passes data extracted from SKILL.md via standard input. While this avoids shell command injection, executing binaries with content from documents is a sensitive operation.
  • PROMPT_INJECTION (LOW): examples/CLAUDE_MD_TESTING.md and persuasion-principles.md contain instructions designed to override agent reasoning through 'Authority' and 'Commitment' principles (e.g., 'YOU MUST', 'No exceptions'). These are for adherence testing but overlap with injection patterns.
  • PROMPT_INJECTION (LOW): Indirect prompt injection surface identified in render-graphs.js.
      1. Ingestion point: SKILL.md file contents.
      2. Boundary markers: None (regex only).
      3. Capability inventory: execSync usage.
      4. Sanitization: None present for the DOT content.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 05:58 PM