aiox-po
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill triggers the execution of a local Node.js script at ".aiox-core/development/scripts/generate-greeting.js" to initialize the agent persona. This script is part of the vendor-managed project structure.
- [DATA_EXFILTRATION]: The skill reads project-specific configuration and agent definitions from local directories including ".aiox-core/", ".codex/", and "docs/stories/". No unauthorized data transmission to external domains or access to sensitive system credentials was detected.
- [PROMPT_INJECTION]: The skill processes user-controlled project story files, which creates a surface for indirect prompt injection.
- Ingestion points: Story files located in "docs/stories/".
- Boundary markers: Not explicitly defined in the activation protocol or command instructions.
- Capability inventory: Local script execution via Node.js.
- Sanitization: No explicit validation or sanitization of story content is mentioned before processing.
- [SAFE]: No malicious patterns, obfuscation, or unauthorized remote connections were identified. The skill's operations are transparent and align with its stated purpose.
Audit Metadata