codex-log-guard

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by reading and processing log data from local SQLite databases. If an external process or attacker can influence the content of these logs, they might be able to steer the agent's behavior. \n
  • Ingestion points: The agent queries the logs table in ~/.codex/logs_2.sqlite and ~/.codex/sqlite/logs_2.sqlite to analyze log levels and noisy targets. \n
  • Boundary markers: There are no explicit instructions or delimiters used to isolate the database output and prevent it from being interpreted as instructions. \n
  • Capability inventory: The skill has the ability to execute shell commands (bash, lsof, stat, sqlite3) and modify the local filesystem (creating backups and deleting log entries). \n
  • Sanitization: The skill does not implement sanitization or validation of the data retrieved from the database logs. \n- [COMMAND_EXECUTION]: The skill generates and executes shell commands to perform its diagnostic and mitigation tasks. \n
  • Evidence: It uses bash to check file sizes, sample database growth, and identify open processes using lsof. It also uses sqlite3 to modify database schema (triggers) and data (delete/vacuum). These are simple scripts generated from known templates within the skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 11:20 AM
Security Audit — agent-trust-hub — codex-log-guard