aif-build-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a 'Priority Override' mechanism in SKILL.md (Step 0) that instructs the agent to treat local data as authoritative instructions. This creates an Indirect Prompt Injection surface:
  - Ingestion points: The skill reads .ai-factory/DESCRIPTION.md, .ai-factory/skill-context/aif-build-automation/SKILL.md, and project metadata files like package.json, go.mod, and pyproject.toml.
  - Boundary markers: No delimiters or 'ignore instructions' warnings are used when processing the content of these files.
  - Capability inventory: The skill has Write, Edit, and Bash (restricted to git) capabilities, which could be used to modify the codebase based on injected instructions.
  - Sanitization: No validation or sanitization of input file content is performed before it is used to influence agent logic or output content.
- [COMMAND_EXECUTION]: The skill generates build automation files (e.g., Makefiles, Taskfiles) that execute shell commands. These commands often interpolate variables derived from project metadata (such as project names or directory paths), which could lead to command injection in the generated scripts if the source files are maliciously crafted with shell metacharacters.
Audit Metadata