aif-fix
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by consuming external project files as high-priority instructions.
  1. Ingestion points: .ai-factory/skill-context/aif-fix/SKILL.md, .ai-factory/FIX_PLAN.md, .ai-factory/DESCRIPTION.md, and .ai-factory/patches/*.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Write, Edit, Bash, and Task (sub-agent invocation).
  4. Sanitization: Absent.

  Evidence: The skill explicitly directs the agent to treat .ai-factory/skill-context/aif-fix/SKILL.md as 'MANDATORY' and 'project-level overrides' that 'win' over default instructions. This allows any process capable of modifying these files to hijack the agent's logic.
- [COMMAND_EXECUTION]: The skill uses shell commands for file system management. Evidence: Execution of 'rm .ai-factory/FIX_PLAN.md' and 'mkdir -p .ai-factory/patches' via the Bash tool.
Audit Metadata