Skills
skills/regenrek/agent-skills/codex-sandbox/Gen Agent Trust Hub

codex-sandbox

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/codex_sandbox.py executes system commands such as git and the codex CLI using subprocess.run with argument lists. This approach avoids shell execution, effectively mitigating the risk of command injection.
  • [EXTERNAL_DOWNLOADS]: The skill performs git clone operations from remote repositories to initialize task sandboxes. This network activity is a core, documented feature used to create isolated working environments.
  • [COMMAND_EXECUTION]: The skill dynamically creates and installs executable bash scripts as git hooks (pre-commit and pre-push) within the sandbox directories. These hooks serve as a safety mechanism to prevent the agent from accidentally committing or pushing to protected branches like 'main' or 'master'.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 18, 2026, 05:35 AM
Security Audit — agent-trust-hub — codex-sandbox