aident-skill

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands such as mkdir, curl, and python3 to manage local configuration and communicate with the Aident server.
    • Evidence: Usage in SKILL.md and scripts/test-rest-api.sh.
  • [DATA_EXFILTRATION]: Authentication tokens and integration parameters are sent to the vendor's domain app.aident.ai for tool execution.
    • Evidence: API endpoints defined in SKILL.md and references/api.md.
  • [PROMPT_INJECTION]: The skill's ability to ingest data from over 1000 integrations (e.g., Gmail, Slack) introduces a surface for indirect prompt injection.
    • Ingestion points: Tool outputs from integrations like skill_execute and playbook_execute (SKILL.md).
    • Boundary markers: None; the skill does not instruct the agent to distinguish between instructions and integration data.
    • Capability inventory: The skill has network access and writes to local storage (~/.aident/credentials.json).
    • Sanitization: No explicit validation or sanitization of external data is mentioned in the provided documentation or scripts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 07:42 AM