writing-skills
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (MEDIUM): The files persuasion-principles.md and CLAUDE_MD_TESTING.md contain explicit instructions and frameworks designed to manipulate AI behavior and override system defaults. persuasion-principles.md serves as a guide for using 'Authority', 'Scarcity', and 'Commitment' to bypass AI hesitation and enforce compliance ('YOU MUST', 'No exceptions'). It explicitly references research on persuading AI to comply with 'objectionable requests'. CLAUDE_MD_TESTING.md uses high-pressure scenarios (e.g., 'Production is bleeding money') and absolute failure conditions ('If a skill existed... and you didn't use it, you failed') to force specific agent behaviors.
- COMMAND_EXECUTION (MEDIUM): The script render-graphs.js utilizes child_process.execSync to execute the system dot command (Graphviz). While it passes the graph content via the input option (reducing shell injection risk), it still allows for the execution of arbitrary Graphviz logic and relies on system binaries.
- INDIRECT_PROMPT_INJECTION (LOW): The csv-data-analyzer-example.md documentation describes a workflow that proactively processes external .csv files and generates reports. This creates an attack surface where instructions embedded in user-uploaded data could potentially influence the agent's next steps, although the provided template includes basic validation tags.
- DYNAMIC_EXECUTION (LOW): The skill example csv-data-analyzer-example.md references the execution of a Python script (analyze_csv.py) that is not provided within the skill files, implying a dependency on external or dynamically available scripts for core functionality.
Audit Metadata