aiox-dev
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The activation protocol includes the execution of a local Node.js script: `node .aiox-core/development/scripts/generate-greeting.js dev`. This occurs automatically when the skill is initialized.
- [COMMAND_EXECUTION]: The skill provides the `*verify-subtask` command, which allows the agent to execute arbitrary system commands, API requests, and browser-based end-to-end tests to verify implementation tasks.
- [PROMPT_INJECTION]: The skill utilizes persona-adoption instructions ('Adopt this agent persona and command system'). While standard for defining agent behavior, this is a form of prompt manipulation.
- [PROMPT_INJECTION]: The skill processes potentially untrusted data from local project artifacts to drive autonomous behavior.
  - Ingestion points: The agent reads instructions and task definitions from `.aiox-core/development/agents/dev.md`, `implementation.yaml`, and `recovery/attempts.json`.
  - Boundary markers: No specific delimiters or safety instructions are defined to separate data read from these files from the agent's internal control logic.
  - Capability inventory: The agent possesses extensive capabilities including Node.js execution, shell command execution, and autonomous file modification (`*develop-yolo`).
  - Sanitization: The instructions do not specify any validation or sanitization of the content extracted from configuration files before it is processed by the agent.
Audit Metadata