skills/giulioco/skills/codex-imagegen/Gen Agent Trust Hub

codex-imagegen

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/codex_imagegen.py executes the codex CLI tool using subprocess.run. This is the primary mechanism for the skill's functionality. The command is constructed using a list of arguments and runs with shell=False (default), which prevents OS-level shell injection.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it interpolates untrusted user input directly into the prompt context for the Codex agent.
  • Ingestion points: Untrusted data enters via the --prompt argument in scripts/codex_imagegen.py.
  • Boundary markers: The prompt template in build_generate_prompt and build_edit_prompt provides some structure but lacks explicit delimiters or warnings for the agent to ignore instructions embedded within the user's prompt.
  • Capability inventory: The skill possesses file system access (shutil.copy2) and the ability to execute the codex CLI tool (subprocess.run), which is a general-purpose agent executor.
  • Sanitization: No sanitization or escaping is performed on the user-provided prompt content before interpolation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 09:29 PM