
codex-review

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs shell commands using a <target_dir> placeholder derived from user input. This pattern creates a potential surface for command or argument injection if the AI agent does not properly escape the provided path string before execution.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted source code and passes it to an LLM-powered tool (codex).
  • Ingestion points: Source code files located in the user-specified <target_dir> (referenced in SKILL.md).
  • Boundary markers: The prompts lack delimiters or explicit instructions for the AI to ignore instructions embedded within the code being analyzed.
  • Capability inventory: The skill uses the Bash, TaskOutput, and Read tools. It invokes codex exec, which performs the analysis.
  • Sanitization: No sanitization or validation is performed on the content of the source code before it is passed to the analysis tool.
  • [SAFE]: The skill implements a security best practice by including the --sandbox read-only flag when invoking the codex exec tool, preventing the review process from making any changes to the codebase.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 05:40 PM