writing-skills

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The render-graphs.js script utilizes child_process.execSync to invoke the system's dot (Graphviz) command. While the script passes input via stdin rather than shell arguments, executing system binaries on data parsed from local markdown files constitutes a risk if the Graphviz binary is vulnerable or the input files are attacker-controlled.
  • [PROMPT_INJECTION] (LOW): The file persuasion-principles.md instructs developers to use authoritative and non-negotiable language such as 'YOU MUST' and 'No exceptions'. Although intended for improving skill robustness, these linguistic patterns are identical to those used in adversarial prompt injection to bypass agent constraints.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The rendering utility introduces an indirect prompt injection surface.
      • Ingestion points: The script reads untrusted content from SKILL.md using fs.readFileSync.
      • Boundary markers: It relies on markdown code block delimiters (```dot) to identify executable content.
      • Capability inventory: The skill possesses subprocess execution (execSync) and file-system write capabilities (fs.writeFileSync).
      • Sanitization: There is no validation or sanitization of the DOT language source before it is passed to the system renderer.
  • [DYNAMIC_EXECUTION] (MEDIUM): The script performs runtime extraction and execution of DOT source code to generate visual assets, which classifies as dynamic execution of embedded source via external system utilities.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:38 PM