acpx
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates interaction with the `acpx` command-line utility for executing Codex tasks and managing persistent agent sessions. It utilizes granular permission flags such as `--approve-reads` and `--approve-all` to scope agent capabilities based on the task type.
- [SAFE]: The skill includes explicit instructions to 'Sanitize secrets before including file contents in a prompt file,' demonstrating a security-conscious approach to data handling.
- [PROMPT_INJECTION]: The skill defines a workflow where prompts are assembled from task context and external files, creating a surface for indirect prompt injection.
  - Ingestion points: External task data and file contents from the repository are incorporated into prompt files used with the `-f` argument.
  - Boundary markers: No explicit delimiters or boundary markers are specified in the instructions for separating system roles from untrusted task data within the prompt files.
  - Capability inventory: The `acpx` tool has the ability to read and edit files in the repository when the `--approve-all` flag is enabled and can execute arbitrary code via the Codex loop.
  - Sanitization: While the skill mandates secret sanitization, it does not detail specific methods for escaping or validating potentially malicious instructional content within the ingested task data.
Audit Metadata