bootstrap-codex-sdlc
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local Python script located at
plugins/codex-sdlc/scripts/render_agents_md.pyto generate repository configuration blocks. This script is part of the skill's internal tooling. - [INDIRECT_PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface through its workflow of inspecting and reading repository content to determine configuration defaults.
- Ingestion points: The agent is instructed to "Inspect the repo" and "Read any existing AGENTS.md" before generating new content.
- Boundary markers: The instructions do not specify any delimiters or warnings to ignore malicious instructions that might be embedded in the files being read.
- Capability inventory: The skill has the capability to write to the repository's
AGENTS.mdfile and execute a local Python script (render_agents_md.py). - Sanitization: There are no mentioned sanitization or validation steps for the data retrieved from the repository files before it is used to influence the agent's output.
Audit Metadata