skills/lee-to/ai-factory/aif-roadmap/Gen Agent Trust Hub

aif-roadmap

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill incorporates an 'indirect prompt injection' surface through its 'skill-context' mechanism. It is explicitly instructed to read and treat instructions from an external file (.ai-factory/skill-context/aif-roadmap/SKILL.md) as mandatory overrides that 'win' over the skill's default rules.
  • Ingestion points: The agent is directed to read .ai-factory/skill-context/aif-roadmap/SKILL.md, .ai-factory/DESCRIPTION.md, and .ai-factory/ARCHITECTURE.md to determine its operating logic.
  • Boundary markers: Absent. There are no delimiters or instructions to treat the ingested content as data rather than instructions; conversely, the agent is told 'the skill-context rule wins' and 'Do NOT ignore skill-context rules'.
  • Capability inventory: The skill possesses capabilities to Write, Edit, and execute Bash(git *) commands, which could be misused if the context files are manipulated.
  • Sanitization: None. The skill does not validate or sanitize the rules imported from the workspace before adopting them as its primary operational logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 09:57 AM