Skills
skills/abpai/skills/codex-exec/Gen Agent Trust Hub

codex-exec

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [DYNAMIC_CONTEXT_INJECTION]: The skill uses shell commands inside a dynamic execution block to verify the presence of the codex CLI and check Git status during skill initialization.
  • [EXTERNAL_DOWNLOADS]: The skill performs an update check by downloading a version file from the author's GitHub repository (https://raw.githubusercontent.com/abpai/skills/main/versions.json).
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted input from file contents and git metadata when performing engineering tasks.
  • Ingestion points: Output from git status and workspace files.
  • Boundary markers: None present.
  • Capability inventory: Bash(codex *), Bash(git status *), Bash(git rev-parse *).
  • Sanitization: None documented.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 05:21 PM
Security Audit — agent-trust-hub — codex-exec