detail-page-copy

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to check for the presence of the codex CLI tool using the command codex --version. This environment fingerprinting allows the agent to decide whether to utilize a local backend or internal logic for its tasks.
  • [INDIRECT_PROMPT_INJECTION]: The skill includes features (--mode diagnose and --mode copy) that process untrusted data from external product pages via URLs or image uploads.
  • Ingestion points: Webpage URLs and screenshot images provided as inputs in the SKILL.md workflows.
  • Boundary markers: Absent; the instructions do not provide explicit delimiters or "ignore embedded instructions" warnings to the agent when processing the fetched content.
  • Capability inventory: The agent can execute local shell commands (codex) and trigger other automated tools in the vendor ecosystem (moai-core:ai-slop-reviewer).
  • Sanitization: Absent; there is no mention of sanitizing, escaping, or validating the text extracted from the external pages before the agent analyzes it.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 06:27 AM
Security Audit — agent-trust-hub — detail-page-copy