codex-cli
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell scripts and the external
codexbinary to facilitate its core functions, such as code review, technical questioning, and system diagnostics. - [EXTERNAL_DOWNLOADS]: The skill has a dependency on the external
codexcommand-line tool, which is associated with a trusted technology vendor. - [PROMPT_INJECTION]: The skill utilizes prompt templates (e.g.,
templates/review-prompt.md) where user-provided task descriptions and repository contexts are interpolated. This creates a surface for indirect prompt injection where malicious content in a repository could influence the subagent's analysis. - Ingestion points: Git diffs and user-provided context files processed by
scripts/codex-ask.sh. - Boundary markers: Templates use clear section headers (e.g.,
Task:,Context:) to delineate instructions from data. - Capability inventory: The skill can read local files and execute the
codexbinary with configurable sandbox settings. - Sanitization:
scripts/codex-ask.shincludes logic to truncate context files that exceed 240 lines or 20,000 bytes to prevent context overflow or massive data ingestion.
Audit Metadata