skills/synkraai/aiox-core/aiox-sm/Gen Agent Trust Hub

aiox-sm

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes node .aiox-core/development/scripts/generate-greeting.js sm as part of its activation protocol to initialize the session.
  • [REMOTE_CODE_EXECUTION]: The activation sequence requires the execution of a Node.js script located at .aiox-core/development/scripts/generate-greeting.js. Dynamic execution of scripts within an agent environment carries inherent risks if the script content is not verified.
  • [PROMPT_INJECTION]: The skill processes Project Requirement Documents (PRDs) and other artifacts, creating an attack surface for indirect prompt injection.
      * Ingestion points: PRD analysis and user story creation workflows (SKILL.md).
      * Boundary markers: No explicit delimiters are present to separate untrusted data from system instructions.
      * Capability inventory: Execution of local Node.js scripts and file system access (SKILL.md).
      * Sanitization: No input validation or filtering is specified for the ingested content.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 11:45 PM