codex-dynamic-workflows

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its result aggregation mechanism.
  • Ingestion points: The scripts/collect_results.py script is used to read and summarize content from Markdown files located in the results/ directory of a workflow run.
  • Boundary markers: The skill instructions do not specify the use of delimiters or 'ignore' instructions when the agent processes the output of the collection script, which could lead the agent to follow malicious instructions embedded in a task result.
  • Capability inventory: The skill possesses capabilities for repository modification, file creation, and execution of local Python scripts, providing a surface for injected instructions to affect the workspace.
  • Sanitization: The collect_results.py script performs simple line filtering based on markers (e.g., 'Accepted', 'Risk') but does not escape or validate the content of the lines it includes in the summary.
  • [COMMAND_EXECUTION]: The skill relies on the execution of bundled Python scripts (scripts/new_workflow.py, scripts/collect_results.py, scripts/verify_workflow.py) for scaffolding the environment and managing workflow state. These scripts are used legitimately for the skill's primary purpose but provide the agent with tools to modify the local file system and repository structure.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:18 AM
Security Audit — agent-trust-hub — codex-dynamic-workflows