Skills
skills/synkraai/aiox-core/aiox-devops/Gen Agent Trust Hub

aiox-devops

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DYNAMIC_EXECUTION]: The skill executes a local Node.js script during the activation protocol via the command node .aiox-core/development/scripts/generate-greeting.js devops to initialize the agent's interface.\n- [COMMAND_EXECUTION]: The skill is authorized to perform various shell-based DevOps operations, including git push, branch management via *create-pr, and repository configuration through *configure-ci.\n- [INDIRECT_PROMPT_INJECTION]: The skill analyzes external repository data, creating a potential surface for indirect prompt injection. \n
  • Ingestion points: The agent loads the source of truth from .aiox-core/development/agents/devops.md and reads repository context through the *detect-repo command. \n
  • Boundary markers: The skill does not define specific delimiters or instructions to ignore instructions embedded in the analyzed codebase. \n
  • Capability inventory: The agent has the ability to write to the repository (*push), create PRs, modify CI/CD workflows, and execute local scripts. \n
  • Sanitization: There is no evidence of validation or sanitization of the repository content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 11:45 PM