skills/synkraai/aiox-core/aiox-master/Gen Agent Trust Hub

aiox-master

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local script via Node.js during its activation protocol to generate a greeting message.
      • Evidence: node .aiox-core/development/scripts/generate-greeting.js aiox-master in SKILL.md.
  • [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by instructing the agent to load external files as its primary source of truth and persona definition.
      • Ingestion points: .aiox-core/development/agents/aiox-master.md and .codex/agents/aiox-master.md referenced in SKILL.md.
      • Boundary markers: Absent; the files are loaded directly into the context as instructions.
      • Capability inventory: Subprocess execution via node and a custom command system (*create, *modify, etc.).
      • Sanitization: The skill does not describe any validation or escaping for the content loaded from the referenced files.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 16, 2026, 11:44 PM