Skills
skills/synkraai/aiox-core/aiox-qa/Gen Agent Trust Hub

aiox-qa

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The activation protocol executes a local vendor script: node .aiox-core/development/scripts/generate-greeting.js qa.
  • [COMMAND_EXECUTION]: Starter commands such as *code-review and *review-build trigger automated processes that execute logic based on user-supplied parameters like {story} or {scope}.
  • [COMMAND_EXECUTION]: The command *review-build is configured to write a report file named qa_report.md to the local file system.
  • [PROMPT_INJECTION]: The skill processes untrusted user-supplied data in its commands, creating an attack surface for indirect prompt injection. Ingestion points: {story} and {scope} arguments; Boundary markers: absent; Capability inventory: command execution (node) and file-write operations; Sanitization: none identified in the current configuration.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 06:53 AM