codex-review
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands such as
git diffandcodex reviewto perform its primary function of code analysis. These operations are restricted to the local repository context.\n- [EXTERNAL_DOWNLOADS]: The skill provides instructions for the user to install the@openai/codexpackage. Since this package is within the@openaiscope belonging to a trusted organization, it is considered a safe dependency reference.\n- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data fromgit diffas part of the AI review process. \n - Ingestion points: Data enters the agent context via
git diffoutput.\n - Boundary markers: No explicit delimiters are used to wrap the diff content in the shell command.\n
- Capability inventory: The skill can execute local shell commands and write a review file to the repository.\n
- Sanitization: No filtering or sanitization of the input diff is performed. This is documented as an inherent architectural trait of a code review tool and does not escalate the severity.\n- [CREDENTIALS_UNSAFE]: The skill mentions the
OPENAI_API_KEYenvironment variable as a configuration requirement. It does not attempt to hardcode, log, or exfiltrate this credential.
Audit Metadata