aif-explore (skills/lee-to/ai-factory/aif-explore)

Result: Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill incorporates an 'AI Factory Context' feature that reads project-specific rules from .ai-factory/skill-context/aif-explore/SKILL.md and treats them as mandatory overrides.
  • Ingestion points: The agent is directed to read .ai-factory/skill-context/aif-explore/SKILL.md and other project metadata files (DESCRIPTION.md, ARCHITECTURE.md, etc.).
  • Boundary markers: No specific delimiters or security warnings are used to isolate the instructions in these files from the main system prompt; instead, the prompt explicitly states that these external rules 'win' in the event of a conflict, effectively allowing local files to supersede the skill's security policy.
  • Capability inventory: The agent has access to Bash, Write, Edit, Read, Glob, and Grep tools.
  • Sanitization: No sanitization or validation is applied to the content of the project-level override files, creating a vulnerability where a malicious project could control agent behavior via indirect prompt injection.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 06:56 AM