axiom-ios-vision
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- Prompt Injection (SAFE): The skill contains no instructions designed to bypass safety filters or override system prompts. It uses standard instructional formatting to define routing logic.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or network operations were found in the file.
- Obfuscation (SAFE): No encoded content, zero-width characters, or homoglyphs were detected.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not reference external packages or remote scripts. It only references other internal skills (e.g., axiom-vision) via semantic routing.
- Privilege Escalation (SAFE): No commands related to elevated permissions or system-level modifications are present.
- Persistence Mechanisms (SAFE): The skill does not attempt to modify shell profiles, cron jobs, or startup services.
- Metadata Poisoning (SAFE): Metadata fields (name, description, license) accurately reflect the purpose of the skill.
- Indirect Prompt Injection (SAFE): As a routing-only skill, it does not directly ingest or process external untrusted data. It merely directs the agent on which tool to use for specific intents.
- Time-Delayed / Conditional Attacks (SAFE): No logic that gates behavior on time or specific environment variables was found.
- Dynamic Execution (SAFE): The skill contains no code generation, runtime compilation, or unsafe deserialization patterns.