skills/lee-to/ai-factory/aif-explore/Gen Agent Trust Hub

aif-explore

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements an instruction override logic in which content from an external file (specifically .ai-factory/skill-context/aif-explore/SKILL.md) is prioritized over the skill's own defined rules.
  • [COMMAND_EXECUTION]: The skill is granted access to the Bash tool, enabling arbitrary command execution on the host environment for the purpose of codebase investigation.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection because it ingests untrusted data from multiple project files and treats it as authoritative instructions.
    ◦ Ingestion points: Multiple files, including .ai-factory/DESCRIPTION.md, .ai-factory/ARCHITECTURE.md, .ai-factory/RULES.md, and .ai-factory/skill-context/aif-explore/SKILL.md.
    ◦ Boundary markers: Not present; the skill lacks delimiters or warnings to ignore embedded instructions in these files.
    ◦ Capability inventory: The skill can execute shell commands via Bash and modify files via Write and Edit.
    ◦ Sanitization: No sanitization or validation of the content read from the project files is performed before it is integrated into the agent's context.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 10:53 PM