aif-grounded
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains explicit instructions to prioritize content from an external file (.ai-factory/skill-context/aif-grounded/SKILL.md) over its own core rules. Phrases like 'the skill-context rule wins' and 'Treat them as project-level overrides' create a mechanism for external data to hijack the agent's logic.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface:
  - Ingestion points: The agent is instructed to read the file .ai-factory/skill-context/aif-grounded/SKILL.md as its first mandatory step.
  - Boundary markers: No delimiters or protective markers are used to isolate the data from this file; instead, the agent is told to fully comply with it even if it contradicts existing rules.
  - Capability inventory: The skill has access to sensitive tools including Bash, Write, Edit, and Read (file system access).
  - Sanitization: There is no validation or sanitization of the content provided in the context file before it is used to override agent behavior.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool. In conjunction with the override mechanism, this allows an attacker who can place a file in the project directory to potentially force the execution of arbitrary shell commands by providing 'override rules' that mandate such behavior.
Audit Metadata