codex-exec
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill's primary purpose is to execute commands via the `codex exec` CLI tool. It provides detailed instructions on how to manage these executions, including environment variable safety and stdin handling to prevent process hangs.
- [REMOTE_CODE_EXECUTION]: The skill facilitates the running of model-generated code in a non-interactive environment. It addresses the inherent risks by mandating specific sandbox policies (`-s read-only`, `-s workspace-write`) and providing high-severity warnings against bypassing these protections unless the host environment is already externally sandboxed.
- [EXTERNAL_DOWNLOADS]: The instructions describe legitimate use cases for network-enabled operations, such as repository cloning and fetching metadata, while correctly identifying that these require specific sandbox elevations (`-s danger-full-access`).
- [PROMPT_INJECTION]: The skill includes instructions for managing the 'judge' pattern where one model instance validates another. It provides mitigation strategies against indirect injection by recommending structured output verification, JSON schema enforcement, and explicit evidence requirements for validator artifacts.
Audit Metadata