codex-cli-session

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill uses user input directly in shell command arguments without sanitization or protective delimiters. Malicious user prompts could potentially manipulate the behavior of the Codex CLI.
      • Ingestion points: User prompts are interpolated into the codex exec resume command in SKILL.md.
      • Boundary markers: No delimiters or ignore instructions are present to encapsulate the user input.
      • Capability inventory: The skill executes commands via the codex CLI utility.
      • Sanitization: No input validation or character escaping is defined for user-provided prompts.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The agent is instructed to read ~/.codex/session_index.jsonl to recover session data. Accessing configuration files in the user's home directory is a sensitive operation, although it is central to the skill's purpose.
  • [DYNAMIC_EXECUTION]: The skill constructs and executes shell commands dynamically at runtime using concatenated session IDs and user prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 09:01 AM