codex-review-cycle

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill contains phrases like 'IGNORE PREVIOUS INSTRUCTIONS' within its instructions. However, these are documented as defensive examples in the 'Ingested-data Trust Contract' and 'Inert-data treatment' sections. The skill instructs the agent to treat external content (git logs, diffs, file reads) as inert data and to ignore any imperative instructions found within those data streams. The static analysis flags are therefore confirmed as false positives in this context.
  • [DATA_EXFILTRATION]: The skill includes an 'External-source rule' that allows the agent to fetch documentation or source code from trusted registries (npmjs, pypi, crates.io) and multi-tenant hosts (GitHub, GitLab) during the validity check phase. These fetches are strictly governed by 'Owner/repo binding' and 'Version/ref binding' logic to ensure the agent only reads relevant, public information related to project dependencies. There is no evidence of sending sensitive local data to unauthorized external endpoints.
  • [COMMAND_EXECUTION]: The skill executes shell commands (primarily git and node) to facilitate the review process. It includes a detailed specification for 'Shell argument escaping' using quoted heredocs (<<'EOF') and the end-of-options separator (--) to prevent command injection and option injection when untrusted focus text or file paths are passed to the bash environment.
  • [CREDENTIALS_UNSAFE]: The skill incorporates a 'Secret Hygiene' overlay (referenced from an external utility skill) that identifies and redacts potential secrets (API keys, tokens) before they are displayed in the UI or passed back to the review model. This acts as a proactive defense against credential exposure in code reviews.
  • [INDIRECT_PROMPT_INJECTION]: The skill identifies git logs, diffs, and processed code as untrusted data sources. It mitigates this risk by wrapping all such data in XML CDATA blocks and providing explicit boundary instructions to the model. A 'validity checklist' further requires the agent to verify every claim against the actual file content before taking action.
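The COMMAND_EXECUTION finding above describes two escaping mechanisms, a quoted heredoc and the -- separator, without showing them together. The following is an added example written for this page, not code from the codex-review-cycle skill or from Gen Agent Trust Hub. It builds the command text an agent would hand to the shell, carrying an untrusted focus string and an untrusted path, and then runs it in a scratch directory to confirm that neither input is interpreted. The file name focus.txt, the use of wc -c as a stand-in for the git/node invocation, and the sample inputs are all hypothetical.

```shell
#!/bin/sh
# Added example (not the skill's own code): carry untrusted review text and an
# untrusted path through the shell without letting either be interpreted.
# Assumed: focus text goes to focus.txt; `wc -c` stands in for git/node.

# Quote an arbitrary string for the POSIX shell: wrap in single quotes and
# rewrite each embedded single quote as '\'' .
shell_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Pick a heredoc delimiter that does not occur as a whole line in the text.
# If the untrusted text contained the delimiter, it could close the heredoc
# early and the remaining lines would run as commands.
pick_delimiter() {
  delim="EOF"
  n=0
  while printf '%s\n' "$1" | grep -qx -- "$delim"; do
    n=$((n + 1))
    delim="EOF_$n"
  done
  printf '%s' "$delim"
}

# Emit the command text: a quoted heredoc (no $(...) or backtick expansion)
# followed by '--' so a dash-prefixed path is never parsed as an option.
# $1 = untrusted focus text, $2 = untrusted path.
build_review_command() {
  delim=$(pick_delimiter "$1")
  printf "cat > focus.txt <<'%s'\n%s\n%s\n" "$delim" "$1" "$delim"
  printf 'wc -c -- %s\n' "$(shell_quote "$2")"
}

# Run the generated command in a scratch directory on constructed hostile
# inputs and verify the outcome. Prints "ok" on success.
demo() {
  dir=$(mktemp -d) || return 1
  # Constructed focus text: substitution syntax plus a bare "EOF" line.
  focus='Check login flow $(echo INJECTED) `echo INJECTED`
EOF
echo INJECTED'
  # Constructed path: leading dash (looks like an option) and a single quote.
  path="-l it's.txt"
  (
    cd "$dir" || exit 1
    printf 'abc' > "./$path" || exit 1
    build_review_command "$focus" "$path" > cmd.sh || exit 1
    sh cmd.sh > out.txt
  ) || return 1
  # 1. Heredoc body is verbatim: the substitution survived as plain text and
  #    the embedded "EOF" line did not terminate the heredoc.
  grep -qF '$(echo INJECTED)' "$dir/focus.txt" || return 1
  [ "$(awk 'END { print NR }' "$dir/focus.txt")" -eq 3 ] || return 1
  # 2. The dash-prefixed, quote-containing path reached wc as a file name,
  #    so wc reported the 3 bytes written above rather than failing.
  [ "$(awk '{ print $1 }' "$dir/out.txt")" = "3" ] || return 1
  rm -rf "$dir"
  echo ok
}
```

Without the quoted delimiter, `$(echo INJECTED)` would be evaluated when the heredoc is read; without `--`, `wc -c -l it's.txt` would treat `-l` as an option and look for a file named `it's.txt`. The delimiter check is the caveat the finding does not spell out: a quoted heredoc is only as safe as its delimiter's absence from the body.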
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 06:37 AM