Skills
skills/synapseradio/ai-skills/stax/Gen Agent Trust Hub

stax

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by instructing the agent to process untrusted data from external sources, such as pull request comments, commit messages, and diffs, without using boundary markers or sanitization.
  • Ingestion points: stax comments, stax log, stax diff, and stax ci (documented in references/commands.md).
  • Boundary markers: The skill does not provide delimiters or instructions to ignore embedded commands within this external data.
  • Capability inventory: The agent has extensive shell execution capabilities via the stax tool, including branch deletion, PR submission, and arbitrary command execution.
  • Sanitization: There is no requirement or instruction for the agent to sanitize or validate the external content before processing.
  • [COMMAND_EXECUTION]: The skill grants the agent broad access to the stax CLI, which includes the stax run command (detailed in references/commands.md). This command allows for the execution of arbitrary shell strings across all branches in a stack, representing a high-capability command execution surface.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates remote operations including fetching from and pushing to GitHub remotes and interacting with the GitHub API (e.g., stax submit, stax sync, stax auth). These operations target well-known services (GitHub) and are consistent with the tool's primary purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 24, 2026, 11:03 PM