Skills
skills/aradotso/codex-skills/codexdesktop-rebuild-electron/Gen Agent Trust Hub

codexdesktop-rebuild-electron

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs users to clone a repository from an external GitHub account (https://github.com/Haleclipse/CodexDesktop-Rebuild.git) and install its dependencies via npm install.
  • [COMMAND_EXECUTION]: The provided code snippets demonstrate an Electron Inter-Process Communication (IPC) handler named execute-codex-command that executes CLI commands. Without proper validation, this pattern can be vulnerable to command injection.
  • [PROMPT_INJECTION]: The skill implements an interface that takes user input from a textarea and passes it to an execution handler, creating a surface for indirect prompt injection. Ingestion point: src/webview/main.js. Capability inventory: ipcMain.handle in main.js. Boundary markers: None present. Sanitization: Not provided in documentation snippets.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 01:41 AM