platform-core
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill documents an attack surface for indirect prompt injection where untrusted data is ingested from external triggers.
  - Ingestion points: The environment variable AITER_REPLY_CONTEXT receives message content from external Instant Messaging (IM) triggers (SKILL.md).
  - Boundary markers: No specific delimiters or "ignore embedded instructions" markers are described for the context variable.
  - Capability inventory: The skill provides high-privilege capabilities including terminal command execution (aiter terminal write), plugin installation (aiter plugins add), and public network tunnel creation (aiter tunnel create) (SKILL.md).
  - Sanitization: No methods for sanitizing or escaping external content before processing are specified in this foundation skill.
- [COMMAND_EXECUTION]: Provides an interface for arbitrary command execution in the host shell environment through the aiter terminal write namespace.
- [EXTERNAL_DOWNLOADS]: Facilitates the installation of external software packages and plugins from the npm registry using the aiter plugins add command.
- [DATA_EXFILTRATION]: Includes functionality to create public network tunnels (aiter tunnel create) and file servers (aiter server start), which are intended for sharing but can be used to expose local services or project data to the internet.
Audit Metadata