security-best-practices
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill workflow includes an 'Overrides' section that explicitly directs the AI agent to follow project-specific documentation and 'prompt files' that may require bypassing security best practices. This configuration creates a vulnerability surface for indirect prompt injection.
  - Ingestion Points: The agent is instructed to read all relevant project files and 'prompt files' from the target repository to identify languages and check for overrides.
  - Boundary Markers: There are no instructions for the agent to use delimiters or ignore embedded instructions within the processed repository data.
  - Capability Inventory: The agent has permissions to write report files (security_best_practices_report.md), modify source code to perform 'fixes', and make git commits.
  - Sanitization: The skill lacks any requirement for the agent to sanitize or validate the instructions found in the untrusted repository data before acting on them.
- [PROMPT_INJECTION]: The 'General Security Advice' section contains instructions that discourage the agent from recommending standard security headers like HSTS.
  - Evidence: The skill instructs: 'Additionally avoid recommending HSTS. It is dangerous to use without full understanding of the lasting impacts... and it is not generally recommended for the scope of projects being reviewed by codex.'
  - Impact: This instruction attempts to override the agent's expected behavior of providing robust security guidance, potentially resulting in weakened security reviews for the user.
Audit Metadata