codex-imagegen

Pass

Audited by Gen Agent Trust Hub on Jul 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on executing the codex exec CLI and other shell utilities such as ls, find, cp, and python. It provides command templates for image generation and post-processing tasks like background removal.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @openai/codex package via NPM and the pillow library via PyPI. These are standard packages from established repositories associated with well-known technology organizations.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection via user-controlled data.
  • Ingestion points: User-provided image prompts are interpolated into instructions and shell commands within SKILL.md.
  • Boundary markers: There are no explicit delimiters or instructions provided to separate the user-generated content from the system instructions or to warn against embedded commands.
  • Capability inventory: The skill utilizes shell command execution (codex exec), file system access (/tmp/, ~/.codex/), and package installation tools (npm, pip).
  • Sanitization: User input is directly placed into a quoted string in a shell command (codex exec ... "<prompt instructions>"). If the input contains shell metacharacters like backticks or subshell expansions, it could potentially lead to arbitrary command execution within the user's environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 5, 2026, 07:17 AM
Security Audit — agent-trust-hub — codex-imagegen