codex
Warn
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill is centered around executing the codex-wrapper command-line utility to perform automated code tasks.
- [EXTERNAL_DOWNLOADS]: The documentation specifies that the tool should be obtained from GitHub Releases or an install.sh script, which represents a dependency on an unverified third-party source.
- [PROMPT_INJECTION]: The skill's feature for multi-file analysis (using @ syntax) creates a surface for Indirect Prompt Injection. Malicious content within analyzed files could attempt to override the agent's instructions.
  - Ingestion points: File content from the local environment and user-defined task text.
  - Boundary markers: Uses shell HEREDOC to prevent local shell injection, but lacks delimiters to isolate external file content within the AI prompt.
  - Capability inventory: File access and execution of the wrapper binary.
  - Sanitization: There is no mention of sanitizing or validating the contents of the files before they are processed by the AI.
Audit Metadata