codex-dynamic-workflows
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses localized Python helper scripts to automate the creation and management of workflow artifacts. The agent is directed to run scripts such as
new_workflow.pyfor scaffolding andverify_workflow.pyfor validating state consistency. - [PROMPT_INJECTION]: The orchestration logic presents an indirect prompt injection surface as it processes data from external files (JavaScript workflow definitions and Markdown packet results) to generate prompts for subagents.
- Ingestion points: Data enters the agent context through
scripts/codex_workflow.py(parsing JS files) andscripts/collect_results.py(reading result files). - Boundary markers: The skill uses structured packet templates that include explicit "Do" and "Do Not" sections to provide operational constraints for subagents.
- Capability inventory: The skill facilitates subagent spawning, local file management within
.workflow/directories, and project-wide task coordination. - Sanitization: The scripts perform basic string unescaping but do not implement rigorous filtering or sanitization of external content prior to prompt interpolation.
Audit Metadata