Skills
skills/ar9av/obsidian-wiki/codex-history-ingest/Gen Agent Trust Hub

codex-history-ingest

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses sensitive local file paths and configuration files.
  • Evidence: Instructs the agent to read ~/.codex/ and its subdirectories, which store user conversation logs, session rollouts, and transcripts.
  • Evidence: Reads .env and .manifest.json to manage ingestion state and configuration paths.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface due to the nature of data ingestion.
  • Ingestion points: Processes rollout-*.jsonl and history.jsonl files from the Codex directory (SKILL.md).
  • Boundary markers: The instructions lack specific boundary markers for the ingested content, though they provide logic to ignore system/developer prompts.
  • Capability inventory: The skill utilizes file system read and write operations to modify the Obsidian wiki based on the processed data.
  • Sanitization: Includes specific rules to redact API keys, tokens, and passwords, and encourages summarization over raw transcript quoting to mitigate risks.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 02:36 AM