blast-radius

Pass

Audited by Gen Agent Trust Hub on Jul 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses 'overrides' to steer the agent's behavior, directing it to replace default models with specific alternatives like 'Codex gpt-5.6-sol' and to ignore standard panel defaults.
  • [COMMAND_EXECUTION]: The skill explicitly instructs the agent to execute real code to prove safety facts: 'Write a script or test that runs the real code, run it, and paste what happened.' It also references using 'Codex CLI workers' and the 'spawn-codex-worker' script for execution.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted external content (PRs/commits) and using it to inform local script generation and execution.
  • Ingestion points: Pull requests and commits accessed via the why skill referenced in Step 1.
  • Boundary markers: No explicit instructions to treat PR content as untrusted data or use delimiters are present.
  • Capability inventory: Host terminal access, browser access, git tools, and script execution capabilities (direct codex exec).
  • Sanitization: The instructions do not mention sanitizing or validating the code ingested from external sources before it is used to generate or run tests.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 10, 2026, 04:46 PM