writing-skills

Warn

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The render-graphs.js utility uses the execSync function to execute external system commands. It runs which dot and dot -Tsvg to render Graphviz diagrams. The input for these commands is extracted directly from the body of SKILL.md files without sanitization beyond regex matching, creating a potential vector for indirect prompt injection or command exploitation if malicious DOT content is provided.
  • [PROMPT_INJECTION]: The instruction set, specifically in persuasion-principles.md and testing-skills-with-subagents.md, teaches the agent to use authoritative and persuasive language (e.g., "YOU MUST", "No exceptions") to override its own "rationalization." These techniques are designed to bypass the agent's internal reasoning and alignment guardrails to ensure rigid adherence to specified workflows. It references research on "Persuading AI to Comply with Objectionable Requests" to justify these behavioral control patterns.
  • [EXTERNAL_DOWNLOADS]: The documentation contains instructions and examples that reference standard libraries and package managers. This includes Python packages like pdfplumber, pypdf, and pytesseract, as well as Node.js packages like docx-js. It also suggests installing Graphviz using well-known package managers such as Homebrew (brew) or APT (apt). These references target official and well-known technology sources for legitimate development purposes.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 17, 2026, 07:11 AM
Security Audit — agent-trust-hub — writing-skills