codex

Fail

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill mandates the use of the codex CLI with the --dangerously-bypass-approvals-and-sandbox flag. This flag is explicitly intended to disable the tool's sandbox environment and skip user approval prompts for actions, which allows unrestricted and unmonitored command execution on the host system.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its data processing flow.
      ◦ Ingestion points: The agent is instructed to collect 'Repository evidence' via rg and git log and to read codebase files (SKILL.md).
      ◦ Boundary markers: The provided prompt templates lack delimiters or 'ignore' instructions to separate user-provided task descriptions from potentially malicious content within the repository files.
      ◦ Capability inventory: The skill invokes codex exec with a sandbox bypass flag, providing a high-privilege execution environment for any instructions parsed from the data.
      ◦ Sanitization: There is no evidence of content validation or escaping before repository data is passed into the command string.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 6, 2026, 12:35 AM