skills/ilandahan/aid/aid-development/Gen Agent Trust Hub

aid-development

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill defines a QA mechanism that processes modified code files and task configurations (.aid/qa/{TASK-ID}.yaml), creating an indirect prompt injection surface.
      • Ingestion points: Modified source code and YAML task files are processed by a QA subagent.
      • Boundary markers: The subagent's prompt does not include explicit delimiters or instructions to ignore embedded instructions within the files it reviews.
      • Capability inventory: The skill allows for spawning subagents and reading/writing files within the project directory.
      • Sanitization: There is no evidence of sanitization or validation logic applied to the ingested content before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 03:46 PM