Skills
skills/seika139/dotfiles/codex-review/Gen Agent Trust Hub

codex-review

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use the bash tool to execute codex review and codex exec commands, including flags for automatic execution and custom review prompts within the local filesystem.
  • [EXTERNAL_DOWNLOADS]: Identifies the @openai/codex Node.js package as a prerequisite for the skill's functionality.
  • [DATA_EXFILTRATION]: Transmits source code, commit history, and differential changes to an external review service, which is a necessary step for the skill's primary function of code analysis.
  • [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface by having the agent read and reflect changes based on the output of an external tool.
  • Ingestion points: Results from codex review and codex exec commands (SKILL.md).
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat external tool output as untrusted content.
  • Capability inventory: The agent has access to the bash tool to perform repository modifications and run further commands (SKILL.md).
  • Sanitization: No sanitization or verification of the external tool's suggestions is mandated before the agent is instructed to apply changes.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 11, 2026, 03:43 AM
Security Audit — agent-trust-hub — codex-review