axiom-audit
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and installs the `mcptools` package from an untrusted third-party repository (github.com/f/mcptools).
- [EXTERNAL_DOWNLOADS]: Downloads the `axiom-mcp` tool from Axiom's official GitHub repository.
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to search for sensitive `AXIOM` credentials in local files such as `.env` and `.config`, which could expose secrets to the agent's context.
- [PROMPT_INJECTION]: Potential for indirect prompt injection from untrusted Axiom log data. Mandatory Evidence Chain: (1) Ingestion points: log entries retrieved via `queryApl`. (2) Boundary markers: no delimiters or instructions to ignore embedded commands are present. (3) Capability inventory: access to `Bash` and `Write` tools provides a significant attack surface. (4) Sanitization: no evidence of filtering or validation of log content.
- [COMMAND_EXECUTION]: Executes shell commands via `Bash` for dependency installation and interacting with external binaries in the `~/go/bin` directory.
Audit Metadata