codex-plan-review
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a shell-based orchestration for debating and refining Markdown plans. It follows best practices for variable escaping using a Node.js-based helper and manages session state through a structured CLI interface.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes external Markdown plan files which could contain adversarial instructions.
- Ingestion points: Plan files (plan.md) located in the root directory or within the docs/ folder.
- Boundary markers: Absent. The templates in references/prompts.md instruct the model to read the file directly at the provided path without specific delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill possesses the ability to execute a local Node.js runner for session operations and instructs the agent to apply fixes directly to the local filesystem.
- Sanitization: No sanitization or safety-filtering is applied to the content of the plan files before they are read by the model. This is noted as an inherent risk of the skill's primary function but does not represent malicious intent.
Audit Metadata