loop-codex-review

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill extensively uses the Bash tool to execute legitimate developer CLI tools, including codex review, gh (GitHub CLI), and gt (Graphite CLI). These tools are used for their intended functions such as analyzing code diffs, identifying repository structures, and managing branches.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks due to its core design of processing external data.
      • Ingestion points: The skill reads and parses output from the codex review CLI command, which is stored in temporary log files in the /tmp directory (e.g., in SKILL.md).
      • Boundary markers: The instructions do not specify the use of clear delimiters or instructions for sub-agents to ignore embedded commands when processing review comments.
      • Capability inventory: The skill can modify the local filesystem and execute shell commands through the Bash and Task tools used by its address-agents.
      • Sanitization: There is no explicit sanitization or validation process described for the review comments before they are interpolated into prompts for the Claude Task agents.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 02:44 AM