aiox-master
Warn
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The activation protocol requires the agent to execute a shell command to run a local script: 'node .aiox-core/development/scripts/generate-greeting.js aiox-master'. This provides a mechanism to run JavaScript code stored within the project directory.
- [PROMPT_INJECTION]: The skill dynamically loads its 'source of truth' instructions from local file paths like '.aiox-core/development/agents/aiox-master.md'. This exposes the agent to indirect prompt injection if these local files are modified by an attacker (e.g., via a malicious pull request or untrusted local changes).
- [PROMPT_INJECTION]: Indirect Prompt Injection analysis for instruction loading:
  - Ingestion points: External file references in SKILL.md (e.g., '.aiox-core/development/agents/aiox-master.md', '.aiox-core/constitution.md').
  - Boundary markers: None identified; instructions are loaded as absolute sources of truth.
  - Capability inventory: Node.js command execution, file system modification commands (*create, *modify, *update-manifest).
  - Sanitization: No validation or sanitization process is defined for the content of the loaded files before they are adopted as the agent's persona.
Audit Metadata