aif-architecture
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute 'mkdir', a standard operation for creating required project directories like '.ai-factory'.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted project data to influence its outputs.
  - Ingestion points: Files at '.ai-factory/config.yaml', '.ai-factory/DESCRIPTION.md', and '.ai-factory/skill-context/aif-architecture/SKILL.md'.
  - Boundary markers: Absent; the skill does not utilize delimiters to isolate ingested file content from its internal instructions.
  - Capability inventory: The agent possesses file read/write access and restricted shell execution for directory management.
  - Sanitization: Absent; the instructions explicitly prioritize project-specific rules from external files over the skill's own defaults, allowing local project files to override core logic.
Audit Metadata