Skills
skills/code-yeongyu/lazycodex/lcx-contribute-bug-fix/Gen Agent Trust Hub

lcx-contribute-bug-fix

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches source code from the official OpenAI Codex repository and the developer's own LazyCodex repository on GitHub to facilitate bug fixing.
  • [COMMAND_EXECUTION]: Utilizes shell commands to manage temporary worktrees, execute reproduction scripts, and perform regression testing. It also invokes the GitHub CLI (gh) for repository forking, issue creation, and pull request management.
  • [PROMPT_INJECTION]: Presents an indirect prompt injection surface (Category 8) as it ingest and acts upon user-provided bug reports to drive reproduction and testing workflows.
  • Ingestion points: User-provided bug reports and reproduction instructions described in SKILL.md.
  • Boundary markers: Absent; the instructions do not implement delimiters or warnings for the agent to ignore embedded instructions in the reproduction data.
  • Capability inventory: Shell command execution via bash, local file system manipulation in /tmp, and network/API operations via the GitHub CLI.
  • Sanitization: Absent; the skill is designed to execute reproduction commands as part of the intended debugging workflow.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 11:37 AM
Security Audit — agent-trust-hub — lcx-contribute-bug-fix