skills/lee-to/ai-factory/aif-docs/Gen Agent Trust Hub

aif-docs

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes a significant indirect prompt-injection surface because it is required to read and obey instructions from external project files. In particular, it treats rules found in .ai-factory/skill-context/aif-docs/SKILL.md as mandatory overrides that take precedence over its own logic, so any instruction placed in that file by whoever controls the project is followed with the agent's full trust. This is a high-trust pathway through which malicious instructions embedded in a project can steer agent behavior.
  • Ingestion points: The skill reads .ai-factory/skill-context/aif-docs/SKILL.md, README.md, docs/*.md, and project manifest files like package.json or requirements.txt.
  • Boundary markers: The skill specifies no delimiters around ingested content and gives no instruction to ignore directives nested within the ingested files, so the model has no cue separating project data from its own instructions.
  • Capability inventory: The skill can create directories, write/edit files, execute npx and python commands via Bash, and perform web searches/fetches.
  • Sanitization: Ingested content is not sanitized or validated before it is integrated into the agent's context or used to generate new documentation artifacts. Taken together with the capability inventory, this means an instruction planted in one of the ingested files can drive file writes, command execution, and web fetches without any intervening check.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 11, 2026, 01:50 PM