aif-improve
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its processing of untrusted project data to influence task creation.
  * Ingestion points: The skill reads implementation plans, project descriptions, patch files, and arbitrary codebase files (Step 1, 2).
  * Boundary markers: No delimiters or isolation instructions are present to distinguish untrusted content from the agent's instructions.
  * Capability inventory: It utilizes TaskCreate, TaskUpdate, Write, and Edit tools to apply changes to the implementation plan (Step 5).
  * Sanitization: No validation logic is implemented to filter malicious content from the ingested files.
- [COMMAND_EXECUTION]: The skill executes external commands using the Bash tool.
  * Evidence: It invokes 'git branch --show-current' (Step 0) to determine the active plan filename, which is a restricted and low-risk command.
Audit Metadata