detail-page-copy
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to check for the presence of the
codexCLI tool using the commandcodex --version. This environment fingerprinting allows the agent to decide whether to utilize a local backend or internal logic for its tasks. - [INDIRECT_PROMPT_INJECTION]: The skill includes features (
--mode diagnoseand--mode copy) that process untrusted data from external product pages via URLs or image uploads. - Ingestion points: Webpage URLs and screenshot images provided as inputs in the
SKILL.mdworkflows. - Boundary markers: Absent; the instructions do not provide explicit delimiters or "ignore embedded instructions" warnings to the agent when processing the fetched content.
- Capability inventory: The agent can execute local shell commands (
codex) and trigger other automated tools in the vendor ecosystem (moai-core:ai-slop-reviewer). - Sanitization: Absent; there is no mention of sanitizing, escaping, or validating the text extracted from the external pages before the agent analyzes it.
Audit Metadata