aieos-identity
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection vulnerability during the identity import process.
  - Ingestion points: `aieos-import.js` reads untrusted data from external JSON files (e.g., `default.aieos.json`).
  - Boundary markers: The generated markdown files (`SOUL.md`, `IDENTITY.md`, `AGENTS.md`) do not include delimiters or specific instructions for the agent to ignore potentially malicious content within imported fields.
  - Capability inventory: The skill includes file writing operations (`fs.writeFileSync` in `aieos-import.js`) and subprocess execution (`child_process.execSync` in `test.js`).
  - Sanitization: There is a lack of sanitization for user-controlled strings (such as `core_values`, `catchphrases`, and `style_descriptors`) before they are written into the agent's behavior configuration files.
- [COMMAND_EXECUTION]: The `test.js` utility utilizes `child_process.execSync` to execute local Node.js scripts. This is a standard testing pattern but involves the execution of system-level commands based on path variables.
Audit Metadata