codex-pr-review

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection: it ingests untrusted PR data (titles, descriptions, and diffs) without sanitization or boundary markers, and the agent then processes that data. Ingestion points: 'SKILL.md' (Workflow Step 1) and 'workflow.md' (Step 1). Boundary markers: Absent. Capability inventory: Shell commands and script execution ('node "$RUNNER"'). Sanitization: Absent. Evidence: 'references/prompts.md' and 'references/workflow.md'.
  • [EXTERNAL_DOWNLOADS]: The skill fetches a package from the author's GitHub repository using 'npx github:lploc94/codex_skill' as specified in 'SKILL.md'.
  • [REMOTE_CODE_EXECUTION]: The skill downloads and executes remote code from GitHub via 'npx' and runs a runner script via 'node'. Evidence: 'SKILL.md' and 'references/workflow.md'.
  • [COMMAND_EXECUTION]: The skill performs repository analysis by executing various git commands such as 'git diff', 'git log', and 'git rev-list'. Evidence: 'references/workflow.md'.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 11:35 AM