ask-codex

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local CLI tool named codex via the Bash shell. It uses the exec subcommand to process coding queries and tasks, including options that allow the tool to automatically modify the workspace.
  • [PROMPT_INJECTION]: The skill accepts arbitrary user instructions and passes them directly to the codex tool, creating a vulnerability to indirect prompt injection.
  • Ingestion points: User-provided queries are passed as arguments to the codex exec command in SKILL.md.
  • Boundary markers: The skill lacks delimiters or explicit instructions to the agent to ignore embedded commands within the user data.
  • Capability inventory: The codex tool can perform code generation and workspace-write operations (specifically when the --full-auto flag is used).
  • Sanitization: No validation, escaping, or filtering is performed on the user input before it is passed to the underlying shell command.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 03:54 AM
Security Audit — agent-trust-hub — ask-codex