codex-marketing-skills
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to clone a third-party repository from GitHub (rbrown101010/codex-marketing-skills) and install various CLI utilities such as excalidraw-cli and remotion via npm. These are standard operations for setting up the described marketing workflows.
- [COMMAND_EXECUTION]: Several components of the skill use subprocess.run to interact with local CLI tools for searching Readwise highlights, generating Excalidraw diagrams, and running media generation models. The implementation follows best practices by using list-based arguments to mitigate shell injection risks.
- [PROMPT_INJECTION]: The skill creates a surface for Indirect Prompt Injection by ingesting data from external, untrusted sources such as YouTube transcripts and Gmail messages.
- Ingestion points: The fetch_brand_deal_emails, search_readwise, and get_transcript functions in SKILL.md.
- Boundary markers: None identified; external content is processed and formatted directly into agent context.
- Capability inventory: The agent has access to system command execution (via subprocess.run) and network operations (via requests.post to Buffer and local MCP servers).
- Sanitization: No explicit sanitization or filtering of external data is shown in the provided code snippets.
Audit Metadata