document-writer

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/write.py and the workflow in SKILL.md perform dynamic module loading by modifying sys.path at runtime to include a directory relative to the user's home path (~/.claude/skills/shared-lib). Loading code from computed paths is a potential security risk as it could lead to the execution of unintended modules if the local environment is compromised.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted user-provided text or file content as source material for its writing tasks.
  • Ingestion points: Arbitrary themes and source files are read and processed in Step 1 of the SKILL.md workflow and via the scripts/write.py command-line arguments.
  • Boundary markers: Absent. The instructions define no delimiters around the source content and give the agent no explicit direction to ignore instructions embedded within it.
  • Capability inventory: The skill is configured with access to Bash, Read, Write, and Edit tools, allowing for significant system impact if the agent follows malicious instructions hidden in the input data.
  • Sanitization: Absent. No filtering, validation, or escaping is applied to the input content before it is processed by the AI.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 16, 2026, 09:19 PM