codex
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill's primary function is to execute the
codex-wrappercommand with broad permissions to analyze and refactor codebases using the@syntax for file references. - [EXTERNAL_DOWNLOADS]: The documentation references an
install.shscript and GitHub Releases for tool installation, creating a dependency on an external, unverified binary. - [DATA_EXFILTRATION]: The skill includes instructions to specifically 'Flag hardcoded credentials or secrets' and 'Review authentication/authorization logic' across an entire repository (
@.), which creates a surface for identifying and potentially exposing sensitive data. - [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data (source code) which could contain malicious instructions meant to manipulate the AI's refactoring or analysis tasks.
- Ingestion points: Files referenced via
@syntax or repository-wide scans (@.). - Boundary markers: Uses HEREDOC syntax (
<<'EOF') to separate commands from the shell environment. - Capability inventory: Filesystem access, code refactoring, and binary execution via the
codex-wrappertool. - Sanitization: No explicit sanitization of the content within the code files being analyzed is mentioned.
Audit Metadata