cross-review
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Requires the installation of the @openai/codex package from the npm registry, which is an official package from a well-known service provider.
- [COMMAND_EXECUTION]: Orchestrates the execution of local bash scripts run-codex-review.sh and cleanup-reviews.sh found within the plugin directory.
- [COMMAND_EXECUTION]: Directly invokes the codex CLI for automated review tasks and command execution.
- [PROMPT_INJECTION]: Identification of an indirect prompt injection surface (Category 8) during the ingestion of project artifacts.
- Ingestion points: The skill reads various project files including code, architecture plans, and design documents (SKILL.md, Step 1 and 2).
- Boundary markers: The skill does not specify the use of delimiters or instructions to ignore embedded commands within the files being reviewed.
- Capability inventory: The workflow can spawn multiple sub-agents, modify local files via other skills or the Edit tool, and execute shell commands through scripts and the Codex CLI.
- Sanitization: No sanitization or validation of the content of the target files is performed before they are passed to the AI agents.
Audit Metadata