codex-cli-hooks

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions and examples describe a workflow that ingests untrusted data, creating an attack surface for indirect prompt injection.
  • Ingestion points: The stdin payload of hook scripts for PreToolUse, PostToolUse, and UserPromptSubmit contains raw user prompts, shell commands, and tool results.
  • Boundary markers: The documentation and examples do not describe or implement boundary markers or instructions to ignore instructions embedded within the processed data.
  • Capability inventory: Hooks can influence agent behavior by denying tool use, replacing tool outputs with feedback, and injecting systemMessage or additionalContext into the prompt.
  • Sanitization: No sanitization or validation of the incoming JSON payload is mentioned or shown in the examples.
Audit Metadata
Risk Level
SAFE
Analyzed
May 5, 2026, 02:18 PM
Security Audit — agent-trust-hub — codex-cli-hooks