Gen Agent Trust Hub audit: aif-ci (skills/lee-to/ai-factory/aif-ci)

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill implements an 'instruction override' mechanism that reads rules from a file in the project repository (.ai-factory/skill-context/aif-ci/SKILL.md) and treats them as higher-priority overrides for the agent's behavior. This architectural choice presents an indirect prompt injection surface where a malicious repository could manipulate the agent's logic for CI generation.
  • Ingestion points: Project-level instruction file at .ai-factory/skill-context/aif-ci/SKILL.md.
  • Boundary markers: The skill does not employ boundary markers or specific 'ignore' instructions to encapsulate the external rules.
  • Capability inventory: The skill uses Write and Bash tools, which could be misused by injected instructions to create backdoored CI workflows or execute unauthorized git commands.
  • Sanitization: No sanitization or validation logic is defined for the rules ingested from the repository.
  • [EXTERNAL_DOWNLOADS]: Fetches the Composer installer from the official getcomposer.org domain and installs the govulncheck utility from golang.org within the generated CI templates to support dependency auditing and vulnerability scanning.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 11, 2026, 01:50 PM