aiox-claude-mastery-chief
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill uses an indirect activation model that loads its core logic from local project files, creating an attack surface for indirect prompt injection. * Ingestion points: Reads local configuration from squads/claude-code-mastery/agents/claude-mastery-chief.md and .aiox-core/constitution.md. * Boundary markers: The skill instructions do not specify any delimiter or verification markers for the content being loaded. * Capability inventory: The skill specifies the adoption of a command system and dependencies from the source file. * Sanitization: There is no instruction to sanitize or validate the content of the source files before adoption.
- [NO_CODE]: This skill consists entirely of markdown instructions and does not include any accompanying script files or binary executables.
- [SAFE]: The identified behaviors are consistent with the intended purpose of coordinating local agent squads and do not indicate malicious intent.
Audit Metadata