research
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the 'codex' utility in 'SKILL.md' and 'references/CODEX_COMMANDS.md' with flags '--dangerously-bypass-approvals-and-sandbox' and '--skip-git-repo-check'. These flags are designed to circumvent security boundaries and user approval workflows during command execution.
- [PROMPT_INJECTION]: The skill's workflow involving web search results presents a surface for Indirect Prompt Injection.
  1. Ingestion points: Web search results retrieved via the 'codex' command in 'references/CODEX_COMMANDS.md'.
  2. Boundary markers: Absent; no delimiters or instructions to ignore embedded commands are used.
  3. Capability inventory: 'Bash(codex *)' in 'SKILL.md' provides command execution capabilities.
  4. Sanitization: Absent; no validation or filtering of external content is performed before processing.
Recommendations
- AI detected serious security threats
Audit Metadata