blast-radius
Pass
Audited by Gen Agent Trust Hub on Jul 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses 'overrides' to steer the agent's behavior, directing it to replace default models with specific alternatives like 'Codex gpt-5.6-sol' and to ignore standard panel defaults.
- [COMMAND_EXECUTION]: The skill explicitly instructs the agent to execute real code to prove safety facts: 'Write a script or test that runs the real code, run it, and paste what happened.' It also references using 'Codex CLI workers' and the 'spawn-codex-worker' script for execution.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted external content (PRs/commits) and using it to inform local script generation and execution.
- Ingestion points: Pull requests and commits accessed via the
whyskill referenced in Step 1. - Boundary markers: No explicit instructions to treat PR content as untrusted data or use delimiters are present.
- Capability inventory: Host terminal access, browser access, git tools, and script execution capabilities (
direct codex exec). - Sanitization: The instructions do not mention sanitizing or validating the code ingested from external sources before it is used to generate or run tests.
Audit Metadata