aiox-sm
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the execution of a local Node.js script (node .aiox-core/development/scripts/generate-greeting.js sm) during the activation protocol. This introduces a requirement for the agent to run shell commands within the environment.
- [PROMPT_INJECTION]: The skill is designed to process external documents such as Product Requirement Documents (PRD) and project artifacts to generate user stories. This creates an indirect prompt injection surface.
- Ingestion points: External PRD files and project artifacts referenced in the description and non-negotiables.
- Boundary markers: None identified in the provided instructions.
- Capability inventory: Execution of Node.js scripts (SKILL.md).
- Sanitization: No evidence of input validation or instruction filtering for processed data.
Audit Metadata