sending-to-codex

Fail

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent to utilize the codex CLI with the --full-auto flag. According to the skill's own documentation, this flag enables "automatic execution (no approval prompts)," allowing an external process to perform modifications on the file system and execute code without human oversight.
  • [COMMAND_EXECUTION]: The command templates provided in the skill interpolate user-controlled strings directly into shell command arguments using double quotes (e.g., codex exec ... "<task description>"). This pattern is vulnerable to command injection attacks if a user provides a task description containing shell metacharacters such as backticks, semicolons, or command substitution syntax.
  • [COMMAND_EXECUTION]: The skill suggests using the bash tool to execute these commands, which increases the impact of the command injection vulnerability described above by allowing execution in the user's local environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 29, 2026, 11:46 PM