aif-evolve
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill's instructions utilize emphasis markers and structural constraints to ensure the integrity of the AI Factory environment. No patterns designed to bypass safety filters, impersonate other roles, or ignore system instructions were found.
- [DATA_EXFILTRATION]: The skill reads local project files, including patches and codebase conventions. It does not attempt to access sensitive system-level files (such as SSH keys) or perform any network operations to send data externally.
- [COMMAND_EXECUTION]: The skill is granted access to the Bash tool restricted to git commands for the purpose of analyzing repository history. No arbitrary command execution patterns or privilege escalation attempts were identified.
- [SAFE]: The skill processes data from project patches, which constitutes an ingestion surface for indirect prompt injection. This is mitigated by a mandatory manual review process where users must approve all generated rules before they are applied to the file system.
- Ingestion points: .ai-factory/patches/*.md
- Boundary markers: The skill uses defined output templates and target file paths to structure its findings.
- Capability inventory: File system write and edit permissions are used to update local project-specific rule files.
- Sanitization: All improvements are presented to the user for validation and selection via the AskUserQuestion tool before application.
Audit Metadata