run-codex-review
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill specifies shell commands to be executed for various routing scenarios, such as running
nodeon local scripts (e.g.,node skills/orchestrate-codex/skills/orchestrate-codex/scripts/orchestrate-codex.mjs). These commands are intended to be executed in the user's local environment.- [COMMAND_EXECUTION]: The skill performs prerequisite checks using CLI tools includingcodex --version,git rev-parse, andcodex login statusto verify the environment before routing the user to a canonical skill.- [PROMPT_INJECTION]: The skill ingests untrusted user input in the form of branch names and branch lists which are then interpolated into shell command templates. This represents an indirect prompt injection surface. - Ingestion points: User-provided branch names or lists from
branches.txtas described in SKILL.md. - Boundary markers: None are present in the provided command templates to delimit the interpolated input.
- Capability inventory: The skill facilitates the execution of local node scripts with access to the file system and project environment.
- Sanitization: No explicit sanitization, validation, or escaping of the user-provided branch strings is defined within this routing shim.
Audit Metadata