skills/synkraai/aiox-core/aiox-dev/Gen Agent Trust Hub

aiox-dev

Warn

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION | DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The activation protocol explicitly directs the agent to execute a shell command: node .aiox-core/development/scripts/generate-greeting.js dev. This initiates script execution on the host system.
  • [COMMAND_EXECUTION]: The *verify-subtask functionality supports arbitrary command execution, API interactions, and browser-based testing, which provides a high-privilege environment for automated tasks.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
      1. Ingestion points: The skill loads instructions from .aiox-core/development/agents/dev.md, .codex/agents/dev.md, and .aiox-core/constitution.md.
      2. Boundary markers: No delimiters or ignore-instructions warnings are present.
      3. Capability inventory: Includes full shell access via node and arbitrary network/browser operations for verification.
      4. Sanitization: No validation of the ingested markdown or project artifacts is mentioned.
  • [DATA_EXFILTRATION]: The inclusion of API and browser verification modes introduces a risk of data exfiltration if the agent processes sensitive project data under the influence of compromised instructions in the external project files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 16, 2026, 11:45 PM