codex-claude-loop

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes local shell commands such as mkdir and git to initialize the workflow environment and manage repository state. It also constructs codex exec commands that interpolate the content of local markdown files using command substitution.
  • [DATA_EXFILTRATION]: Implementation plans and source code summaries are transmitted to an external service (OpenAI Codex) for review and validation. This data transfer is documented as the core functionality of the dual-AI engineering loop.
  • [PROMPT_INJECTION]: The skill processes project-specific data, which creates an indirect prompt injection surface.
      • Ingestion points: Untrusted content is read from .codex-loop/plan.md and .codex-loop/implementation.md.
      • Boundary markers: The skill uses Markdown headers and structured templates to separate instructions from data content.
      • Capability inventory: The skill has the capability to write and read files and execute network-bound CLI commands via codex exec.
      • Sanitization: No explicit sanitization or escaping of the file content is performed before it is interpolated into commands or prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 01:39 AM