aif-implement

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a mechanism where instructions from files like .ai-factory/RULES.md and .ai-factory/skill-context/aif-implement/SKILL.md override the skill's primary instructions, creating a surface for indirect prompt injection.
      * Ingestion points: .ai-factory/DESCRIPTION.md, .ai-factory/ARCHITECTURE.md, .ai-factory/RULES.md, and project-specific skill contexts.
      * Boundary markers: Absent; instructions from external files are treated as direct overrides without delimitation or safety warnings.
      * Capability inventory: The skill utilizes powerful tools including Bash, Write, and Edit.
      * Sanitization: Absent; the skill is instructed to treat external rules as hard requirements.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform complex Git operations, such as merging branches and removing worktrees, which could lead to unintended repository states if the agent is influenced by poisoned external instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 11:34 PM