skills/ubie-inc/agent-skills/codex/Gen Agent Trust Hub

codex

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill is designed to execute the codex command-line tool with natural language instructions. While it supports a read-only sandbox, it also uses workspace-write and --full-auto, allowing the tool to autonomously modify files in the user's workspace.
  • PROMPT_INJECTION (LOW): Category 8: Indirect Prompt Injection. The skill is highly susceptible to indirect injection because its primary function is to analyze and refactor existing codebases.
      • Ingestion points: Any source file or documentation in the local workspace being processed (e.g., UserService.kt).
      • Boundary markers: Absent. The instructions are passed as raw strings to the CLI.
      • Capability inventory: The skill can read all project files and write changes back to the filesystem when using the workspace-write sandbox.
      • Sanitization: None. The skill does not sanitize or validate the content of the files it analyzes before processing them with the AI model.
  • COMMAND_EXECUTION (LOW): The execution protocol mandates the use of --skip-git-repo-check, which explicitly bypasses a safety feature of the Codex tool. Additionally, the systematic use of 2>/dev/null to suppress standard error hides potentially critical warnings or security-related error messages from the user.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 04:50 PM