aif-ci
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its project-level override mechanism.
  * Ingestion points: The skill reads instructions from '.ai-factory/skill-context/aif-ci/SKILL.md' and '.ai-factory/DESCRIPTION.md', and treats the skill-context as mandatory overrides for its core logic.
  * Boundary markers: No clear delimiters or 'ignore' instructions are used when processing this external content.
  * Capability inventory: The skill has tools to write files (CI workflows) and execute restricted bash commands (git).
  * Sanitization: There is no evidence of sanitization or validation for instructions sourced from the project files.
- [EXTERNAL_DOWNLOADS]: The skill generates CI configurations that include references to third-party GitHub Actions and standard dependency installation commands. For example, it utilizes actions like 'shivammathur/setup-php', 'astral-sh/setup-uv', and 'dtolnay/rust-toolchain', and generates commands like 'cargo install' or 'go install' for various security and linting tools. These are standard practices in CI/CD automation and target well-known repositories or official package registries.