codex-task-waves
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill implements a robust orchestration workflow with built-in safety checks and boundaries.- [COMMAND_EXECUTION]: The skill utilizes standard command-line tools such as
git(for version control operations like status, diff, log, and push) andgh(for GitHub pull request management). It also uses a Python one-liner to perform safe validation of JSON metadata produced by sub-agents.- [PROMPT_INJECTION]: The skill processes task descriptions from external sources like Jira and GitHub, which constitutes an indirect prompt injection surface. The risk is mitigated through the mandatory use of boundary markers (Scope blocks) and a specific prompt-injection-defuse line in the reviewer's instructions. - Ingestion points: Task descriptions from Jira, GitHub issues, and bug reports (referenced in the 'Identify' and 'Plan' phases).
- Boundary markers: Strict
## Scopesections with 'In scope' and 'Out of scope' definitions are required for every wave. - Capability inventory: The agent manages code changes via Git and triggers external execution through a secondary 'codex' dispatch system.
- Sanitization: Employs a 'prompt-injection-defuse line' to ensure that external content in the reviewer role is treated as an artifact rather than instructions.
Audit Metadata