aidlc
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The `install.sh` script clones the official `awslabs/aidlc-workflows` repository from GitHub to retrieve the core rules and templates required for the skill's operation. This is a neutral operation fetching resources from a well-known service.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted user input via the `$ARGUMENTS` parameter.
  - Ingestion points: User-provided task descriptions are interpolated into the prompt in `SKILL.md`.
  - Boundary markers: The skill uses clear markdown section headers to separate instructions from data, though specific "ignore instructions" delimiters are not explicitly defined in the top-level file.
  - Capability inventory: The skill utilizes powerful tools including `Bash`, `Write`, `Edit`, and `Task` to modify code and execute shell commands.
  - Sanitization: Risk is mitigated by a mandatory "Wait for Approval" protocol, where the agent must present an execution plan and obtain explicit user consent before performing actions.
- [COMMAND_EXECUTION]: The skill uses `Bash` and `Task` tools to perform standard software development lifecycle activities such as workspace detection, build execution, and testing. These operations are consistent with the skill's stated purpose.
- [DATA_EXFILTRATION]: The skill maintains project state and interaction logs within the local `aidlc-docs/` directory. No network operations were found that exfiltrate this data to external or non-whitelisted domains.
Audit Metadata