codex-pr-body
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by reading and processing potentially untrusted data from existing pull request bodies and the current conversation context.
  - Ingestion points: Existing pull request bodies (retrieved via `gh pr view`) and the conversation history (SKILL.md).
  - Boundary markers: Absent. The skill does not define clear delimiters or specify that the agent should ignore embedded instructions within the ingested content.
  - Capability inventory: Uses the GitHub CLI (`gh`) to edit pull requests and the Sapling CLI (`sl`) for repository management (SKILL.md).
  - Sanitization: Absent. The instructions do not specify any validation or filtering of input data before it is reused to generate new PR content.
- [COMMAND_EXECUTION]: The skill executes shell commands using the GitHub CLI (`gh`) and Sapling (`sl`) to automate the retrieval and updating of pull request metadata. These actions are used to manage pull requests in the OpenAI Codex repository.
Audit Metadata