codex-cli-agent

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute the codex binary and the ./scripts/run_agent.py orchestration script to route code-focused tasks to AI models.
  • [DATA_EXFILTRATION]: The skill's health check section suggests running echo $OPENAI_API_KEY, which is a security risk as it exposes sensitive credentials in terminal output and command history logs (data exposure).
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface by processing external files with powerful tools.
    * Ingestion points: Untrusted content from INPUT_FILE enters the agent's context via the run_agent.py script.
    * Boundary markers: No delimiters or markers are identified in the orchestration examples to isolate input data from instructions.
    * Capability inventory: The skill has access to the Bash, Read, and Write tools.
    * Sanitization: There is no documentation regarding the sanitization or validation of data read from input files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 08:08 PM
Security Audit — agent-trust-hub — codex-cli-agent