aif-review

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by design. It instructs the agent to read and prioritize instructions from a project-local file located at .ai-factory/skill-context/aif-review/SKILL.md as mandatory overrides. An attacker who can commit files to a repository could use this to hijack the agent's logic during a code review.
      • Ingestion points: .ai-factory/skill-context/aif-review/SKILL.md, git diff output, and gh pr output.
      • Boundary markers: Absent. The agent is explicitly told that the context file's rules 'win' over the skill's defaults.
      • Capability inventory: Bash(git *), Bash(gh *), Read, Glob, Grep.
      • Sanitization: Absent.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute git and gh (GitHub CLI) commands. These commands are used to fetch repository state and pull request data from GitHub, which is a well-known service. The tool permissions Bash(git *) and Bash(gh *) grant the agent broad authority to execute subcommands within these specific utilities.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 06:43 PM