codex-prompting-local
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No malicious override or bypass patterns were detected. The skill actually includes defensive prompting blocks, such as 'action_safety', which explicitly instructs the agent to call out risky or irreversible actions before execution.
- [DATA_EXFILTRATION]: No evidence of hardcoded credentials, sensitive file access, or unauthorized network operations was found. The skill operates within the local repository context.
- [COMMAND_EXECUTION]: While the skill is designed to work with a Codex CLI and 'write-capable tasks', it does not contain any automated or hidden command execution. All mentions of commands (like Nix-managed scripts) are for documentation of the existing environment's legitimate workflows.
- [INDIRECT_PROMPT_INJECTION]: The skill acts as a surface for processing repository data (Category 8). It addresses this risk by implementing structured XML boundary markers (e.g., , <grounding_rules>) to delimit untrusted content from instructions, which is a recommended mitigation practice.
Audit Metadata