writing-skills
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The script `render-graphs.js` uses `child_process.execSync` to run the system `dot` command. It extracts content from `SKILL.md` using a regex and pipes it directly into the command's standard input without any validation or sanitization. This allows for potential exploitation if the input content is maliciously crafted.
- [PROMPT_INJECTION] (HIGH): Documentation in `references/persuasion-principles.md` and `references/bulletproofing.md` explicitly teaches the use of 'Authority' and 'Commitment' principles (e.g., 'YOU MUST', 'No exceptions', 'Delete means delete') to bypass agent rationalization. These are functional prompt injection patterns designed to override the agent's default reasoning and safety filters.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill recommends using `npx claude-skills-cli`, which involves downloading and executing code from an untrusted third-party NPM package that is not included in the trusted source list.
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill possesses a high-severity attack surface through `render-graphs.js`, which ingests data from `SKILL.md` (an untrusted source) and uses it in a system execution context (`execSync`). There are no boundary markers or sanitization routines to prevent a malicious markdown file from influencing the execution environment.
Recommendations
- AI detected serious security threats
Audit Metadata