aif-commit
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The instructions establish a rule hierarchy that allows external, potentially untrusted project files to override the skill's own core instructions.
- Evidence: "When a skill-context rule conflicts with a general rule written in this SKILL.md, the skill-context rule wins (more specific context takes priority)".
- Evidence: "Do NOT ignore skill-context rules even if they seem to contradict this skill's defaults — they exist because the project's experience proved the default insufficient".
- [COMMAND_EXECUTION]: The skill performs shell-based operations to analyze and modify the git repository.
- Evidence: `git status`, `git diff --cached`, `git commit`, `git reset HEAD`, and `git push`.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes untrusted input from the codebase and external configuration files while possessing repository-write and network-send capabilities.
- Ingestion points: Staged code changes via `git diff --cached`, project configuration in `.ai-factory/config.yaml`, and context rules in `.ai-factory/skill-context/aif-commit/SKILL.md`.
- Boundary markers: The skill lacks explicit boundary markers or delimiters when interpolating external content into the model's context.
- Capability inventory: The skill can read file contents, modify the repository state (`git commit`, `git reset`), and transmit data to remote servers (`git push`).
- Sanitization: No sanitization or validation logic is present to filter malicious instructions within the staged diffs or the project-level context files before they are processed by the agent.
Audit Metadata