search-it-bulk-by-codex
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies heavily on Bash scripts to manage a "fan-out" search architecture. This includes directory creation, loop-based file processing, background process management, and the use of utilities like
grep,sed, andwcfor progress tracking and summary generation. - [DYNAMIC_EXECUTION]: The orchestration logic dynamically generates subagent prompt files (
*-prompt.txt) using heredocs and then executes them viacodex exec. This pattern of runtime script generation and execution is used to distribute tasks across multiple workers based on local file inputs. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface. Subagents are instructed to read and process data from
*-question.mdfiles (Category 8). If these questions contain adversarial instructions, a subagent might deviate from its intended search task. - Ingestion points: Subagents read questions from
.agent-docs/qa-session/001-question.md. - Boundary markers: None present in the subagent prompt to delimit untrusted data.
- Capability inventory: Subagents can perform web searches (
codex --search) and write files to the workspace. - Sanitization: No escaping or validation is performed on the content of the question files before processing.
Audit Metadata