Skills
skills/lee-to/ai-factory/aif-rules/Gen Agent Trust Hub

aif-rules

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions in 'Step 0' establish a 'priority override' mechanism, commanding the agent to follow rules in .ai-factory/skill-context/aif-rules/SKILL.md even if they contradict the primary skill instructions. This pattern is highly susceptible to instruction hijacking via the filesystem.
  • [COMMAND_EXECUTION]: The skill uses Write and Edit tools to modify .ai-factory/RULES.md. This capability allows for the persistent modification of project-level configuration files that influence other automated agent tasks.
  • [PROMPT_INJECTION]: Mandatory Indirect Prompt Injection Analysis:
  • Ingestion points: .ai-factory/skill-context/aif-rules/SKILL.md (Step 0), .ai-factory/RULES.md (Step 2), and user-provided $ARGUMENTS (Step 1).
  • Boundary markers: None. The skill lacks delimiters or instructions to ignore embedded directives in the ingested content.
  • Capability inventory: Write, Edit, Glob, and Grep tools provide full capability to modify the local project environment.
  • Sanitization: None. The skill appends text directly to the rules file without validation or escaping.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 12:34 AM