writing-skills
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Prompt Injection (LOW): The documentation files (`CLAUDE_MD_TESTING.md` and `persuasion-principles.md`) explicitly use and teach authoritative override patterns.
  - Evidence: Phrases like 'THIS IS EXTREMELY IMPORTANT', 'YOU MUST', 'No exceptions', and 'If you didn't use it, you failed' are designed to override agent reasoning.
  - Context: These are presented as test variants and psychological principles for 'sticky' skill design rather than a malicious attack on the host agent.
- Command Execution (LOW): The script `render-graphs.js` executes the system command `dot` (Graphviz).
  - Evidence: `execSync('dot -Tsvg', { input: dotContent, ... })` is used to generate SVG files from markdown content.
  - Risk: The command is executed locally. The script mitigates injection risks by passing the diagram content via `stdin` rather than shell arguments and sanitizing output filenames using a `\w+` regex match.
- Indirect Prompt Injection (LOW): The skill establishes an ingestion surface for untrusted data and identifies subsequent capabilities.
  - Ingestion points: The skill is designed to process external `SKILL.md` files and browse the `~/.claude/skills/` directory.
  - Boundary markers: None identified; the skill encourages reading external files 'completely' without explicit delimiters.
  - Capability inventory: The skill has the ability to execute shell commands (via `render-graphs.js`) and write files to the local disk.
  - Sanitization: Filenames derived from external content are restricted to alphanumeric characters via regex.
Audit Metadata