aif-verify
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions explicitly mandate reading an external file (.ai-factory/skill-context/aif-verify/SKILL.md) and grant it priority over the skill's own logic. This creates a surface for indirect prompt injection if the project repository contains malicious instructions.
- Ingestion points: .ai-factory/skill-context/aif-verify/SKILL.md (and other context artifacts such as plan files and the rules hierarchy).
- Boundary markers: Absent. The skill is instructed that "the skill-context rule wins" when conflicts occur, effectively inviting external overrides.
- Capability inventory: Extensive bash access for multiple language ecosystems (npm, go, python, cargo, php, etc.), file system read/write, and task management.
- Sanitization: Absent.
- [COMMAND_EXECUTION]: The skill identifies and executes build, test, and lint commands (e.g., npm run build, go build, pytest, cargo test, eslint) based on the project's configuration. While this is the intended purpose of a verification skill, it grants the agent the ability to execute project-defined scripts.
Audit Metadata