review-fix-codex

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads and executes the @willbooster/agent-skills package from the NPM registry using bunx. Since the package is owned by the skill author (WillBooster), this is a vendor-native dependency.
  • [COMMAND_EXECUTION]: The workflow involves executing shell commands through bunx and performing Git operations like commit and push to apply code fixes.
  • [PROMPT_INJECTION]: The skill processes output from an external tool as instructions for modifying source code, which represents an indirect prompt injection surface. The risk is managed by the agent's instruction to verify comment validity and by the use of trusted vendor tooling. Ingestion points: output from the review command in SKILL.md; Boundary markers: absent; Capability inventory: file system modification and Git push operations; Sanitization: absent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 11, 2026, 12:49 AM