agentix-ceo
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill utilizes a remote "playbook" fetched from the Agentix API to define its operating mode and policies, which introduces a surface for indirect prompt injection where external data governs agent behavior.
  - Ingestion points: Behavioral instructions are retrieved from `$AGENTIX_API/teams/:id/playbook` and `$AGENTIX_API/playbook-templates/`.
  - Boundary markers: Absent. The instructions explicitly state that the playbook governs behavior and the user's instructions override the skill file.
  - Capability inventory: The skill can spawn remote workers, manage roles with system prompts, and update team configurations including GitHub tokens.
  - Sanitization: There is no evidence of sanitization or validation of the playbook content before it is adopted as the agent's governing logic.
- [EXTERNAL_DOWNLOADS]: The skill performs numerous network operations to `https://agentix.cloud` to manage user registration, team setup, and task coordination. It also retrieves operating templates and playbooks from this domain.
- [COMMAND_EXECUTION]: The skill facilitates the execution of remote code by spawning workers on the vendor's infrastructure via API calls (`POST $AGENTIX_API/tasks/TASK_ID/run`). These workers perform tasks based on description strings provided in the task management system.
Audit Metadata