codex-security
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill configuration defines a workflow that ingests and analyzes untrusted source code from the local environment, creating a surface for indirect prompt injection. \n
- Ingestion points: Reads local files using the Read, Grep, and Glob tools. \n
- Boundary markers: Lacks explicit delimiters or instructions to ignore embedded commands within the audited files. \n
- Capability inventory: Authorized to use the mcp__codex__codex tool and git-restricted Bash commands. \n
- Sanitization: Does not implement specific validation or sanitization of the input code before analysis.
Audit Metadata