codex-review

Warn

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/codex-review script executes arbitrary strings via bash -lc when the --parallel-tests argument is provided. If an agent populates this argument from untrusted data, it could lead to arbitrary command execution.
  • [COMMAND_EXECUTION]: The helper script defaults to 'YOLO' mode, which includes the --dangerously-bypass-approvals-and-sandbox flag. This explicitly instructs the underlying tool to skip security boundaries and user approval prompts.
  • [PROMPT_INJECTION]: The SKILL.md instructions contain directives that override standard agent behavior, such as 'Never switch or override the review model' and 'Keep going until Codex review returns no accepted/actionable findings,' which may lead to excessive execution cycles or refusal to use safer models.
  • [COMMAND_EXECUTION]: The tool allows overriding the path to the codex binary through the CODEX_BIN environment variable or --codex-bin flag, which could be leveraged to execute alternative malicious binaries if the environment is compromised.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 19, 2026, 08:22 AM