writing-skills
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a utility script `render-graphs.js` that uses `child_process.execSync` to execute the system `dot` command (from Graphviz). This script renders SVG diagrams from markdown code blocks found within the skill's documentation.
- [PROMPT_INJECTION]: The skill provides detailed instructions on using persuasion principles (Authority, Commitment, Scarcity) and strong imperative language ("YOU MUST", "No exceptions", "Delete means delete") to reinforce agent compliance with specific procedural rules. This approach is intended to prevent agents from rationalizing their way out of following complex or high-effort workflows like TDD.
- [DATA_EXPOSURE]: The utility script `render-graphs.js` performs filesystem operations by reading content from `SKILL.md` files and writing rendered SVG output to a local `diagrams` directory.
- [SAFE]: References to external resources and guidelines (such as Anthropic's best practices) point to well-known domains and official documentation, and are documented neutrally within the skill's instructions.
Audit Metadata