codex-imagegen
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/codex_imagegen.pyexecutes thecodexCLI tool usingsubprocess.run. This is the primary mechanism for the skill's functionality. The command is constructed using a list of arguments and runs withshell=False(default), which prevents OS-level shell injection. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it interpolates untrusted user input directly into the prompt context for the Codex agent.
- Ingestion points: Untrusted data enters via the
--promptargument inscripts/codex_imagegen.py. - Boundary markers: The prompt template in
build_generate_promptandbuild_edit_promptprovides some structure but lacks explicit delimiters or warnings for the agent to ignore instructions embedded within the user's prompt. - Capability inventory: The skill possesses file system access (
shutil.copy2) and the ability to execute thecodexCLI tool (subprocess.run), which is a general-purpose agent executor. - Sanitization: No sanitization or escaping is performed on the user-provided prompt content before interpolation.
Audit Metadata