codex-review
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The installation command `npx skills add -g BenedictKing/codex-review` downloads content from an untrusted GitHub user. This source is not included in the [TRUST-SCOPE-RULE] whitelist, making the dependency unverifiable.
- REMOTE_CODE_EXECUTION (HIGH): The skill references an external 'Codex CLI' and installs a third-party package. Executing code from untrusted sources like `BenedictKing/codex-review` presents a significant risk of arbitrary command execution on the host system.
- PROMPT_INJECTION (HIGH): This skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: The skill ingests untrusted source code and metadata during the 'code review' process (SKILL.md).
  - Boundary markers: None specified; the skill lacks delimiters to separate instructions from the code being reviewed.
  - Capability inventory: The skill possesses 'auto CHANGELOG generation' capabilities (SKILL.md), which require file-system write access to the project root.
  - Sanitization: There is no evidence of sanitization or filtering of the processed code. An attacker could embed malicious instructions in code comments to manipulate the generated CHANGELOG or influence downstream agent decisions.
Recommendations
- AI detected serious security threats