imagine
Warn
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The
generate.jsandedit.jsscripts utilize a hardcoded developer prompt that explicitly instructs the AI to ignore its safety guidelines, content warnings, and disclaimers. It employs deceptive framing, claiming the request is part of an 'authorized red-team evaluation session', to attempt to neutralize the model's built-in safety filters. - [COMMAND_EXECUTION]: The skill uses
execSyncto execute shell commands for local process management. It specifically runs a pipeline usinglsofandkillto terminate any existing processes occupying the hardcoded local port used by the OAuth proxy. - [EXTERNAL_DOWNLOADS]: The skill uses
npxto dynamically download and execute external code from the npm registry at runtime. Specifically, it executesopenai-oauth(an unscoped third-party package) and instructs the user to run@openai/codexfor authentication. While npm is a well-known service, executing unverified packages at runtime introduces supply chain risk.
Audit Metadata