openclaw-codex-deep-search

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because the user-supplied query is directly interpolated into a system instruction string passed to the Codex CLI agent. An attacker could craft a prompt to override the constraints defined in the skill's script.
  • Ingestion points: The --prompt argument in 'scripts/search.sh' receives arbitrary text from the user.
  • Boundary markers: The script uses a 'CRITICAL RULES' section to guide the agent, but lacks robust delimiters or escaping to isolate user-controlled input from instructions.
  • Capability inventory: The Codex CLI is executed with permissions to perform web searches (--search), run autonomously (--full-auto), and write to the filesystem (--add-dir).
  • Sanitization: No validation or sanitization is performed on the prompt content before it is passed to the execution environment.
  • [COMMAND_EXECUTION]: The script resolves and executes an external binary ('codex') by searching through multiple locations, including environment-specific paths such as npm and nvm directories. Although the arguments themselves are handled safely, this path resolution logic could resolve to an unintended binary if the host environment is misconfigured.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 26, 2026, 11:06 AM
Security Audit — agent-trust-hub — openclaw-codex-deep-search