Skills
skills/breezewish/skills/codex-review/Gen Agent Trust Hub

codex-review

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/review.js executes the codex command-line utility to handle the review logic. Evidence: spawn("codex", ["app-server"]) in scripts/review.js.
  • [PROMPT_INJECTION]: The skill interpolates user-provided text into instructions for the Codex review agent and has an indirect prompt injection surface through the analysis of untrusted codebase content.
  • Ingestion points: The project directory (cwd) and the user-supplied review prompt.
  • Boundary markers: No explicit delimiters or boundary warnings are enforced in the prompt template.
  • Capability inventory: The review agent is initialized with a danger-full-access sandbox configuration.
  • Sanitization: No content filtering or validation is performed on the codebase or user input.
  • [DATA_EXFILTRATION]: The skill provides the Codex service with access to the project directory for the purpose of the review. Evidence: The thread/start message in scripts/review.js includes the cwd parameter pointing to the user's project.
  • [SAFE]: The identified behaviors, including command execution and code analysis, are intrinsic to the skill's primary purpose of performing automated code reviews.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 06:06 AM
Security Audit — agent-trust-hub — codex-review