lcx-doctor
Warn
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various system commands and local binaries including git, gh (GitHub CLI), and codex to perform version checks, environment diagnostics, and runtime probes.
- [EXTERNAL_DOWNLOADS]: It clones and fetches the latest source code from the official openai/codex and code-yeongyu/lazycodex GitHub repositories into the /tmp directory for comparison purposes.
- [DATA_EXFILTRATION]: It accesses the local configuration file located at ~/.codex/config.toml or within the CODEX_HOME directory. This file is a known location for sensitive service configurations and potentially contains API tokens or credentials for the Codex service. The information is accessed to verify installation integrity against expected standards.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external sources such as GitHub issue lists and local user configuration files.
  1. Ingestion points: Local config.toml and remote GitHub issue titles/descriptions fetched via gh issue list.
  2. Boundary markers: The instructions do not specify any delimiters or warnings to ignore embedded instructions in the processed data.
  3. Capability inventory: The agent can execute shell commands, read files, and trigger other skills like debugging and bug reporting.
  4. Sanitization: There is no evidence of sanitization or filtering applied to the external data before it is processed.
Audit Metadata