aims-audit
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute several local Python scripts to perform audit tasks, such as
aims_gap_analyzer.py,ai_risk_register_builder.py, andaims_audit_scheduler.py. These scripts are located within the skill's own directory structure or adjacent skill folders within the same repository. - [SAFE]: Evaluation of the indirect prompt injection surface (Category 8):
- Ingestion points: The skill processes user-supplied audit evidence and risk data through JSON files (
evidence.json,risks.json,audit_scope.json, andprogram.json) provided as command-line arguments. - Boundary markers: There are no explicit instructions for the agent to use delimiters or ignore embedded instructions within the processed data.
- Capability inventory: The skill possesses the capability to execute Python subprocesses that analyze the input data.
- Sanitization: The implementation of data validation or sanitization is managed by the underlying Python scripts rather than the high-level markdown instructions.
Audit Metadata