codex-changelog
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/print_codex_changelog.pyexecutes the commandcodex --versionto identify the local installation version. This is a standard version check using a specific binary and does not involve user-controlled input.\n- [EXTERNAL_DOWNLOADS]: The skill fetches release metadata and changelog content from the official OpenAI Codex repository via the GitHub API. This is a legitimate operation targeting a well-known service.\n- [DATA_EXFILTRATION]: Performs network requests to the GitHub API to fetch public information. No sensitive credentials or private files are accessed or transmitted.\n- [PROMPT_INJECTION]: The skill processes and prints the 'body' of GitHub releases, which is untrusted external data. This creates an indirect prompt injection surface; however, the risk is mitigated as the source is a trusted official repository.\n - Ingestion points: The
bodyfield from the GitHub API response inscripts/print_codex_changelog.py.\n - Boundary markers: Absent; content is printed directly.\n
- Capability inventory: Local command execution via
subprocess.check_output(filescripts/print_codex_changelog.py).\n - Sanitization: None.
Audit Metadata