aif-explore
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill explicitly instructs the agent to allow instructions found in an external file (
.ai-factory/skill-context/aif-explore/SKILL.md) to override its core behavioral rules. This 'skill-context' mechanism creates a surface for indirect prompt injection where a malicious file could bypass the skill's stated guardrails (such as the 'don't implement' rule) and leverage the availableBashandReadtools for unintended purposes. - Ingestion points: The agent is instructed to read
.ai-factory/skill-context/aif-explore/SKILL.md(if present),.ai-factory/config.yaml,.ai-factory/DESCRIPTION.md, and other project artifacts. - Boundary markers: No specific delimiters or safety warnings are provided to prevent the agent from obeying malicious instructions embedded within these external project files.
- Capability inventory: The skill has access to high-privilege tools including
Bash,Write,Edit, andRead. - Sanitization: There is no evidence of sanitization or validation of the content read from the project files before it is used to influence the agent's behavior.
- Evidence: The skill states: 'Treat them as project-level overrides... the skill-context rule wins (more specific context takes priority)' and 'Do NOT ignore skill-context rules even if they seem to contradict this skill's defaults'.
Audit Metadata