Skills
skills/tobihagemann/turbo/codex/Gen Agent Trust Hub

codex

Warn

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the codex exec command which, when used with the --sandbox danger-full-access flag, allows the agent to perform high-risk operations such as installing packages, running tests, and executing arbitrary system operations.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Because codex review and codex exec analyze uncommitted changes, specific commits, and general project code, an attacker could place malicious instructions inside the codebase or commit history to manipulate the agent's behavior during task execution.
  • [COMMAND_EXECUTION]: The inclusion of the --full-auto flag permits the tool to edit files and execute tasks without human confirmation prompts, increasing the risk of unintended or malicious system changes if the agent is compromised by injected instructions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 15, 2026, 08:39 PM
Security Audit — agent-trust-hub — codex