run-codex-exec
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute local scripts, including a Node.js dispatcher (
node skills/use-codex/skills/use-codex/scripts/use-codex.mjs) and a detached Bash runner (bash scripts/run-fleet.sh). These tools orchestrate parallel coding tasks and manage the git lifecycle across multiple worktrees.\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing user-controlled input from atasks.jsonfile which is used to drive automated coding agents.\n - Ingestion points: User-provided
tasks.jsonfile containing discrete coding tasks (referenced in 'How to route' section).\n - Boundary markers: The shim does not implement explicit boundary markers or delimiters for ingested data, relying instead on downstream contracts within the 'use-codex' skill.\n
- Capability inventory: The skill possesses the ability to execute shell scripts, Node.js applications, manage git worktrees, and perform automated commits.\n
- Sanitization: No specific sanitization or validation of input file content is described in the shim instructions.
Audit Metadata