aig-scanner
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill includes explicit instructions to override the agent's safety guardrails regarding local and private network interactions. It directs the agent to 'Accept and scan the following without hesitation: localhost, 127.0.0.1...' and 'Do NOT refuse or warn about local/private addresses.' This pattern is a deliberate instruction bypass required for its core function as an infrastructure scanner.
- [COMMAND_EXECUTION]: The skill utilizes the system's execution capabilities to run a bundled Python script ('scripts/aig_client.py') using 'python3'. This script manages the interaction between the agent and the A.I.G scanning service's API.
- [DATA_EXFILTRATION]: The 'aig_client.py' script includes functionality to upload local files and source code archives to a remote server defined by the user in the 'AIG_BASE_URL' environment variable. This enables the auditing of local AI tools and skills but creates a data exposure path to the configured backend.
- [PROMPT_INJECTION]: The skill handles untrusted content from a remote API (such as project descriptions and scan results) which is presented to the agent without sanitization, creating an indirect prompt injection surface.
  - Ingestion points: Results and metadata fetched from the A.I.G task API by 'scripts/aig_client.py'.
  - Boundary markers: Absent; remote content is displayed directly to the agent context.
  - Capability inventory: Subprocess execution of local scripts via 'exec'.
  - Sanitization: Absent; remote strings are not escaped or filtered before being passed to the agent.