writing-skills
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The
scripts/render-graphs.jsscript utilizes the Node.jsexecSyncfunction to execute thedotcommand-line utility. This is a legitimate utility function used to render Graphviz diagrams embedded in the skill documentation. - [EXTERNAL_DOWNLOADS]: The skill documentation suggests the installation of the
graphvizsystem package via standard package managers like Homebrew or APT to enable diagram rendering. This is a documented dependency for the skill's auxiliary tooling. - [PROMPT_INJECTION]: The guides
references/persuasion-principles.mdandreferences/rationalization-patterns.mddiscuss the use of assertive language and behavioral psychology to ensure agent compliance with technical workflows. While these are advanced prompt engineering techniques for steering agent behavior, they are presented as organizational best practices for process discipline rather than malicious exploits or safety bypasses.
Audit Metadata