Skills
skills/synkraai/aiox-core/aiox-squad-creator/Gen Agent Trust Hub

aiox-squad-creator

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local system command using Node.js to generate a greeting message during its activation protocol.
  • Evidence: node .aiox-core/development/scripts/generate-greeting.js squad-creator
  • [PROMPT_INJECTION]: The skill ingests instructions from external markdown files, creating a surface for indirect prompt injection if the project environment contains untrusted content.
  • Ingestion points: .aiox-core/development/agents/squad-creator.md, .codex/agents/squad-creator.md
  • Boundary markers: Absent (no delimiters or warnings specified for imported content)
  • Capability inventory: Local subprocess execution via Node.js
  • Sanitization: Absent (content is loaded directly as a source of truth)
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 11:45 PM