aif-architecture
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions mandate that rules found in external project files (e.g., .ai-factory/skill-context/aif-architecture/SKILL.md) take priority and can override the skill's built-in logic. This is a form of indirect prompt injection.
  * Ingestion points: Reads .ai-factory/DESCRIPTION.md and .ai-factory/skill-context/aif-architecture/SKILL.md to determine architecture and formatting rules.
  * Boundary markers: Absent. The skill does not use delimiters or instructions to ignore potentially malicious content within the ingested files.
  * Capability inventory: Has permissions to Read, Write, and execute Bash(mkdir *). It can modify project files such as ARCHITECTURE.md, DESCRIPTION.md, and AGENTS.md based on injected instructions.
  * Sanitization: Absent. The skill explicitly instructs the model to prioritize external rules over its own defaults.
- [COMMAND_EXECUTION]: The skill uses a bash tool restricted to directory creation (mkdir *). While limited, it still allows modifications to the file system structure.
Audit Metadata