skills/yamadashy/skills/codex-exec/Gen Agent Trust Hub

codex-exec

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to invoke the codex CLI via bash. It documents high-privilege sandbox modes such as danger-full-access and the --dangerously-bypass-approvals-and-sandbox flag, which allows the sub-agent to perform actions without user confirmation or environment restrictions.
  • [EXTERNAL_DOWNLOADS]: The skill references the installation of the @openai/codex package from the npm registry. This is an official package from a well-known service.
  • [PROMPT_INJECTION]: The skill facilitates the processing of arbitrary user instructions by interpolating them into shell commands. This creates an attack surface for indirect prompt injection.
  • Ingestion points: The <task> placeholder and standard input in codex exec commands are populated by user-controlled text.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the command templates.
  • Capability inventory: The skill utilizes the Bash tool for command execution, allowing for file system access and system modification depending on the chosen sandbox mode.
  • Sanitization: No sanitization or validation of the user-provided prompt is performed before it is passed to the execution environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 12:53 AM
Security Audit — agent-trust-hub — codex-exec