t3code
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The bundled script scripts/launch_thread.py executes the local t3 CLI and git using subprocess.run. These operations are used for session management and branch discovery. The script correctly uses list-based argument passing (no shell=True) to mitigate shell injection risks.
- [DATA_EXPOSURE]: The skill reads configuration and state files from local paths, including ${T3CODE_HOME:-$HOME/.t3}/userdata/state.sqlite and server-runtime.json. It also manages a local credential cache at ~/.codex/t3code/credentials.json. The script applies restrictive file permissions (0600) to protect these credentials.
- [DATA_EXFILTRATION]: The skill transmits bearer tokens and project data to the T3 Code server origin. The origin is either discovered from local process metadata (by scanning /proc) or provided by the environment. This communication is required for the skill's primary function of thread orchestration.
- [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied prompts and project-level configuration files (.t3code/config.json). While this presents a surface for indirect prompt injection, the risk is mitigated by the tool's focus on local developer workflows and its explicit server-side command structures.
Audit Metadata