principle-experience-first
Warn
Audited by Gen Agent Trust Hub on Jul 10, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains a set of "overrides" designed to bypass or replace the agent's default workflows and model selection policies. It explicitly instructs the agent to ignore standard model choices in favor of a non-existent "Codex gpt-5.6-sol" model, which is a common pattern for manipulating agent behavior.
- [COMMAND_EXECUTION]: The instructions direct the agent to perform specific shell-level actions such as "launch Codex CLI workers" using an external "spawn-codex-worker" script or via "direct codex exec". These commands involve executing code that is not defined within the skill itself, creating a dependency on external, potentially unverified binaries.
- [COMMAND_EXECUTION]: The skill encourages the agent to bypass platform-specific safety controls (referred to as "conceptual cues" like loop, babysit, and control-ui) and instead use direct host tools like the terminal, browser, and git, which can circumvent environment-specific restrictions.
Audit Metadata