aif-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection vulnerability by mandating the ingestion of external data and treating it as a high-priority override for its core logic.
- Ingestion points: The skill specifically requires reading `.ai-factory/skill-context/aif-best-practices/SKILL.md` and `.ai-factory/ARCHITECTURE.md` from the local file system.
- Boundary markers: There are no delimiters or instructions provided to the agent to treat the ingested file content as untrusted data or to ignore embedded instructions.
- Capability inventory: The skill uses the `Read`, `Glob`, and `Grep` tools to access these files, and the resulting content directly dictates the agent's output constraints and behavior (e.g., 'the skill-context rule wins').
- Sanitization: The skill lacks any mechanism to sanitize or validate the content of the external files before they are processed as authoritative instructions.
Audit Metadata