aidr
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/aidr` executes the `aider` CLI tool using `subprocess.run` with a list of arguments, which is a secure method that prevents shell injection attacks.
- [EXTERNAL_DOWNLOADS]: The `scripts/setup.sh` script installs the `aider-chat` package from PyPI via the `uv` tool. This is a standard installation procedure for a well-known and reputable developer tool.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted data from the repository into its operations.
  * Ingestion points: The skill reads the contents of the target repository's files and accepts a user-provided `goal` string, both of which are passed to the underlying AI model.
  * Boundary markers: No delimiters or specific safety instructions (e.g., "ignore embedded commands") are applied to the user-provided goals before they are processed by Aider.
  * Capability inventory: The Aider tool has the capability to read and modify files in the local filesystem, presenting a risk if an injection occurs.
  * Sanitization: The skill does not perform validation or sanitization of the input goals or the codebase content.
Audit Metadata