score-optimizer
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The file references/score_program.md contains instructions that command the agent to "LOOP FOREVER" and "Never stop." It explicitly directs the agent to bypass human-in-the-loop oversight by not pausing for user confirmation during the optimization cycle, which overrides standard safety protocols.
- [COMMAND_EXECUTION]: The script scripts/run_scoring.py executes an external CLI tool using subprocess.run. The path to this tool is derived from the CODEX_CLI_PATH environment variable, which could allow for the execution of untrusted binaries if the environment is misconfigured.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection in scripts/run_scoring.py because it interpolates raw content from user-provided articles directly into the prompt without sanitization.
- Ingestion points: Article files are read from the assets/articles/samples/ directory by scripts/run_scoring.py.
- Boundary markers: The script uses basic markdown headers as delimiters but provides no instructions for the model to ignore potential instructions embedded within the article text.
- Capability inventory: The skill has the capability to execute shell commands (codex) via the subprocess.run function.
- Sanitization: No escaping, validation, or filtering is performed on the article content before it is added to the prompt.
Audit Metadata