Skills
skills/cathrynlavery/codex-skill/codex/Gen Agent Trust Hub

codex

Fail

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to utilize the codex CLI with the --dangerously-bypass-approvals-and-sandbox flag. This parameter is specifically designed to circumvent security boundaries and automated approval workflows, granting the tool unrestricted execution capabilities within the host environment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of reading and processing local repository content (such as CLAUDE.md files and codebase patterns). Maliciously crafted data within these files could influence the behavior of the codex tool.
  • Ingestion points: Processes codebase files, project documentation (CLAUDE.md), and CLI outputs from rg or git log (SKILL.md).
  • Boundary markers: Absent; the prompt templates provided do not include delimiters or instructions to ignore embedded commands in the source data.
  • Capability inventory: Executes arbitrary queries and commands via codex exec with sandboxing disabled.
  • Sanitization: No evidence of escaping or validation is present for the data interpolated into the CLI queries.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 24, 2026, 07:28 PM