codex-review

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to manage the review process, including directory creation (mkdir -p .jez/reviews), file output handling (tee), and the execution of the codex command-line utility for reviewing the codebase.
  • [DATA_EXFILTRATION]: The skill transmits the project's source code to an external service via the codex review command. This is documented as the intended functionality to receive a second opinion from an external AI model family.
  • [PROMPT_INJECTION]: There is a potential for indirect prompt injection. The skill ingests untrusted data in the form of the review report generated from the user's codebase. Malicious instructions or specially crafted comments within the application code could attempt to manipulate the 'Codex' model's output, which the agent then reads and summarizes for the user.
      • Ingestion points: The agent reads findings from the generated report file located in .jez/reviews/ (SKILL.md, Summarise for the user section).
      • Boundary markers: Absent. The instructions do not specify the use of delimiters or 'ignore' instructions when the agent parses the report findings.
      • Capability inventory: The agent has capabilities to execute shell commands, read/write files, and suggest code fixes to the user.
      • Sanitization: Absent. There is no evidence of filtering or validation of the report content before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 1, 2026, 11:18 AM