codex-fable5
Fail
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install a plugin from a community-managed GitHub repository (
baskduf/FableCodex). This source is not a pre-verified or well-known organization. - [REMOTE_CODE_EXECUTION]: The skill documentation includes commands to add third-party plugins (
codex plugin marketplace add baskduf/FableCodex) and execute helper binaries. This allows code from an external repository to run in the local environment. - [COMMAND_EXECUTION]: The skill instructs the user to modify their shell environment by adding third-party directories to the
PATH(export PATH="$PWD/plugins/codex-fable5/bin:$PATH") and executing custom CLI tools (codex-fable5 status,codex-fable5 goals, etc.). - [PROMPT_INJECTION]: The skill is specifically designed to ingest and adapt external prompt guidance (e.g., "Claude/Fable prompt guidance"), which creates a surface for indirect prompt injection. While the skill contains defensive instructions to "ignore or rewrite anything that conflicts with active system... rules," the ingestion of untrusted data from third-party prompt files remains an inherent risk.
Recommendations
- AI detected serious security threats
Audit Metadata