aif-grounded
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a Load Skill Context mechanism in Step 0 that mandates the reading and prioritization of instructions from .ai-factory/skill-context/aif-grounded/SKILL.md. It explicitly states that these rules are project-level overrides that win over the skill defaults, creating an indirect prompt injection surface. Mandatory Evidence Chain:
  1. Ingestion points: .ai-factory/skill-context/aif-grounded/SKILL.md.
  2. Boundary markers: Absent; the skill lacks delimiters and instructs the agent to treat the ingested content as authoritative.
  3. Capability inventory: The skill has access to the Read, Write, Edit, and Bash tools.
  4. Sanitization: Absent; there is no validation or filtering of the content loaded from the repository file.
- [COMMAND_EXECUTION]: The skill allows the use of the Bash tool for repository exploration and evidence verification. While consistent with its stated purpose of grounding answers, this capability could be misused if malicious instructions are injected via the context-loading mechanism.
- [SAFE]: The primary function of the skill is a defensive safety gate that forces the agent to remain grounded in evidence, refuse to guess when confidence is below 100 percent, and provide a verifiable audit trail for its claims.
Audit Metadata