aif-skill-generator
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill mentions injection phrases such as 'ignore previous instructions' for documentation and regex detection purposes in its security scanner. These are not active injections targeting the host agent.
- [COMMAND_EXECUTION]: Requests Bash tools for file management and script execution. The use of 'rm -rf' is intended for cleanup of installation artifacts and is consistent with the skill's administrative tasks.
- [EXTERNAL_DOWNLOADS]: Ingests content from URLs in Learn Mode and installs skills from registries. It mitigates this risk through a mandatory two-level security scan process.
- [DATA_EXFILTRATION]: Communicates with 'skills.sh' to provide search functionality. No patterns of sensitive data harvesting or unauthorized exfiltration were identified.
Audit Metadata