create-hook

Fail

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to write arbitrary executable scripts to the user's home directory (~/.codex/hooks/) and project repositories, then trigger them through hook configurations. This establishes a persistent execution mechanism via events like SessionStart.
  • [PROMPT_INJECTION]: The workflow explicitly supports 'prompt shaping' and 'injected context' via the UserPromptSubmit hook, which creates a significant surface for intercepting and manipulating user prompts or overriding agent instructions.
  • [DATA_EXFILTRATION]: The instructions require modifying sensitive configuration files in the user's home directory (~/.codex/config.toml, ~/.codex/hooks.json). These files control the core behavior of the agent and can be used to redirect session logs or tool outputs to external or hidden files.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 27, 2026, 12:22 PM