writing-skills
Warn
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The
render-graphs.jsutility uses theexecSyncfunction to execute external system commands. It runswhich dotanddot -Tsvgto render Graphviz diagrams. The input for these commands is extracted directly from the body ofSKILL.mdfiles without sanitization beyond regex matching, creating a potential vector for indirect prompt injection or command exploitation if malicious DOT content is provided. - [PROMPT_INJECTION]: The instruction set, specifically in
persuasion-principles.mdandtesting-skills-with-subagents.md, teaches the agent to use authoritative and persuasive language (e.g., "YOU MUST", "No exceptions") to override its own "rationalization." These techniques are designed to bypass the agent's internal reasoning and alignment guardrails to ensure rigid adherence to specified workflows. It references research on "Persuading AI to Comply with Objectionable Requests" to justify these behavioral control patterns. - [EXTERNAL_DOWNLOADS]: The documentation contains instructions and examples that reference standard libraries and package managers. This includes Python packages like
pdfplumber,pypdf, andpytesseract, as well as Node.js packages likedocx-js. It also suggests installing Graphviz using well-known package managers such as Homebrew (brew) or APT (apt). These references target official and well-known technology sources for legitimate development purposes.
Audit Metadata