aif-commit
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a project-specific override mechanism that is vulnerable to indirect prompt injection. It reads external files and treats them as higher-priority instructions.\n
- Ingestion points: The skill reads instructions from
.ai-factory/skill-context/aif-commit/SKILL.md,.ai-factory/ARCHITECTURE.md,.ai-factory/DESCRIPTION.md,.ai-factory/RULES.md, and.ai-factory/ROADMAP.md.\n - Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are present; the skill is explicitly told that 'the skill-context rule wins' and it 'MUST comply' even in cases of conflict.\n
- Capability inventory: The skill can stage, commit, and push repository changes using
Bash(git *).\n - Sanitization: The skill does not validate or sanitize the content of the context files before adopting them as behavior-altering instructions.\n- [COMMAND_EXECUTION]: The skill utilizes the
Bash(git *)tool to execute a variety of git commands includingstatus,diff,commit,push,reset, andadd. While restricted to the git binary, this capability allows the agent to modify the repository and push data to remote origins based on its interpretation of the code and instructions.
Audit Metadata