principle-type-system-discipline

Warn

Audited by Gen Agent Trust Hub on Jul 10, 2026

Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill includes a set of 'overrides' intended to be applied before the original workflow. These instructions attempt to hijack the agent's behavior, forcing it to use specific models (like 'Codex gpt-5.6-sol') and custom delegation logic instead of default system settings.
  • [COMMAND_EXECUTION]: The skill explicitly instructs the agent to launch external workers and execute commands using scripts such as 'spawn-codex-worker' or through 'direct codex exec'. Running unverified external processes can lead to arbitrary code execution on the host system, as the contents of these scripts or binaries are not defined within the skill.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 10, 2026, 04:46 PM