bootstrap-codex-sdlc

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a local Python script located at plugins/codex-sdlc/scripts/render_agents_md.py to generate repository configuration blocks. This script is part of the skill's internal tooling.
  • [INDIRECT_PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface through its workflow of inspecting and reading repository content to determine configuration defaults.
  • Ingestion points: The agent is instructed to "Inspect the repo" and "Read any existing AGENTS.md" before generating new content.
  • Boundary markers: The instructions do not specify any delimiters or warnings to ignore malicious instructions that might be embedded in the files being read.
  • Capability inventory: The skill has the capability to write to the repository's AGENTS.md file and execute a local Python script (render_agents_md.py).
  • Sanitization: There are no mentioned sanitization or validation steps for the data retrieved from the repository files before it is used to influence the agent's output.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 02:35 PM
Security Audit — agent-trust-hub — bootstrap-codex-sdlc