codex-imagegen
Pass
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on executing the
codex execCLI and other shell utilities such asls,find,cp, andpython. It provides command templates for image generation and post-processing tasks like background removal. - [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@openai/codexpackage via NPM and thepillowlibrary via PyPI. These are standard packages from established repositories associated with well-known technology organizations. - [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection via user-controlled data.
- Ingestion points: User-provided image prompts are interpolated into instructions and shell commands within
SKILL.md. - Boundary markers: There are no explicit delimiters or instructions provided to separate the user-generated content from the system instructions or to warn against embedded commands.
- Capability inventory: The skill utilizes shell command execution (
codex exec), file system access (/tmp/,~/.codex/), and package installation tools (npm,pip). - Sanitization: User input is directly placed into a quoted string in a shell command (
codex exec ... "<prompt instructions>"). If the input contains shell metacharacters like backticks or subshell expansions, it could potentially lead to arbitrary command execution within the user's environment.
Audit Metadata