skills/boshu2/agentops/codex-approval/Gen Agent Trust Hub

codex-approval

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple terminal-based commands to orchestrate the approval process:
      • Uses tmux list-sessions and tmux list-panes to identify validator lanes.
      • Uses tmux capture-pane to extract transcripts from validator sessions.
      • Uses tmux send-keys and atm send to dispatch requests to other agents.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted plan data and forwards it to another agent without sanitization or strict boundary markers.
      • Ingestion points: The skill reads PLAN, RESEARCH, and SynthesisPacket files from the local repository as specified in Phase 1 and 3 of the workflow.
      • Boundary markers: The prompt template in Phase 3 does not utilize delimiters (e.g., XML tags or triple backticks) or "ignore embedded instructions" warnings when interpolating the content of the plans into the request sent to the validator.
      • Capability inventory: The skill possesses the ability to send content to terminal panes (tmux send-keys) and record results into the filesystem (.agents/council/).
      • Sanitization: No sanitization or validation of the input plan content is performed before it is sent to the Fable/Claude-family reviewer.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 16, 2026, 06:52 PM