codex-cli-specialist
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill includes Python scripts that parse user-provided markdown and YAML files to generate configuration for AI agents, creating a potential surface for indirect prompt injection.
- Ingestion points: codex_skill_converter.py and skills_index_builder.py read and parse content from SKILL.md and openai.yaml files.
- Boundary markers: The generated outputs do not currently include explicit boundary markers or instructions to ignore embedded commands.
- Capability inventory: The scripts are capable of reading from and writing to the local filesystem to create skill configurations and manifests.
- Sanitization: The scripts perform structural parsing but do not validate the safety of the natural language content before including it in generated agent instructions.
- [EXTERNAL_DOWNLOADS]: The documentation provides instructions for installing the @openai/codex package from the official npm registry, which is a trusted source for developer tools.
Audit Metadata