codex-sdk
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses `npx` to dynamically fetch and run tools required for its operation.
  - Evidence: `assets/templates/agents-sdk/python/codex_mcp_multiagent_workflow.py` uses `npx -y codex mcp-server` to launch the Codex MCP server.
  - Evidence: `assets/templates/agents-sdk/typescript/mcp-filesystem-example.ts` uses `npx -y @modelcontextprotocol/server-filesystem` to access the filesystem via MCP.
- [COMMAND_EXECUTION]: The skill is designed to execute shell commands but includes robust guardrails.
  - Evidence: `references/safety-and-execpolicy.md` outlines a threat model and suggests read-only sandboxing by default.
  - Evidence: `assets/templates/execpolicy/default.rules` provides a Starlark-based policy to block dangerous commands like `sudo` and `rm -rf`.
- [PROMPT_INJECTION]: The skill provides patterns to mitigate indirect prompt injection from repository content.
  - Evidence: `references/rag-and-memory.md` and `references/context-personalization.md` discuss treating retrieved memories and RAG chunks as untrusted input and using explicit delimiters to isolate them.
Audit Metadata