codex-dynamic-workflows

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses localized Python helper scripts to automate the creation and management of workflow artifacts. The agent is directed to run scripts such as new_workflow.py for scaffolding and verify_workflow.py for validating state consistency.
  • [PROMPT_INJECTION]: The orchestration logic presents an indirect prompt injection surface as it processes data from external files (JavaScript workflow definitions and Markdown packet results) to generate prompts for subagents.
  • Ingestion points: Data enters the agent context through scripts/codex_workflow.py (parsing JS files) and scripts/collect_results.py (reading result files).
  • Boundary markers: The skill uses structured packet templates that include explicit "Do" and "Do Not" sections to provide operational constraints for subagents.
  • Capability inventory: The skill facilitates subagent spawning, local file management within .workflow/ directories, and project-wide task coordination.
  • Sanitization: The scripts perform basic string unescaping but do not implement rigorous filtering or sanitization of external content prior to prompt interpolation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 08:15 AM
Security Audit — agent-trust-hub — codex-dynamic-workflows