codex-cli-bridge
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill is designed to interact with the system via the `codex` CLI tool. It uses Python wrappers to execute shell commands like `codex exec`. While this is the primary purpose of the skill, it represents a capability that could be abused if the agent is influenced by malicious instructions.
- PROMPT_INJECTION (LOW): Identified as a Category 8 (Indirect Prompt Injection) vulnerability. The skill ingests untrusted data from project files (specifically `CLAUDE.md`) to generate a new documentation file (`AGENTS.md`) intended for use by another AI agent.
  - Ingestion points: The `claude_parser.py` and `project_analyzer.py` modules read local project files and directory structures.
  - Boundary markers: The provided code does not show explicit delimiters or 'ignore' instructions when interpolating parsed content into the generated `AGENTS.md` templates.
  - Capability inventory: The skill possesses the ability to execute shell commands via `codex_executor.py` and write files to the project root.
  - Sanitization: No evidence of input sanitization or validation was found in the parsing logic, allowing potential malicious instructions in a project's `CLAUDE.md` to be reflected into the AI-facing `AGENTS.md` file.
Audit Metadata