skills/lee-to/ai-factory/aif-verify/Gen Agent Trust Hub

aif-verify

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to load and strictly follow instructions from .ai-factory/skill-context/aif-verify/SKILL.md within the project being analyzed. The instructions explicitly state that these project-level rules must override the skill's own logic, even if they appear contradictory. This creates a significant surface for Indirect Prompt Injection, where a malicious repository can control the agent's behavior during the verification process. Ingestion points: .ai-factory/skill-context/aif-verify/SKILL.md, .ai-factory/PLAN.md, .ai-factory/DESCRIPTION.md. Boundary markers: Absent. Capability inventory: Bash (prefixed), Edit, TaskList. Sanitization: Absent.
  • [COMMAND_EXECUTION]: The skill executes project-specific build and test scripts (e.g., npm run build, go test ./..., pytest) based on files detected in the repository. While this is the intended purpose of a verification tool, it results in the execution of code defined in the target repository. If a user invokes the skill on a malicious or compromised project, these commands could execute arbitrary code within the constraints of the allowed bash tool prefixes.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 11:03 AM