autonomous-skill

Fail

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The run-session.sh script interpolates user-provided task descriptions directly into the agent prompts without sanitization, enabling direct prompt injection that can override the skill's logic.
  • [REMOTE_CODE_EXECUTION]: The skill includes a --network flag that invokes codex exec with the --dangerously-bypass-approvals-and-sandbox option. This configuration explicitly disables all security protections, allowing the agent to download and run arbitrary code from the internet without human approval or isolation.
  • [COMMAND_EXECUTION]: The skill orchestrates an autonomous loop using the codex exec --full-auto flag, granting the AI agent the capability to execute shell commands and modify local files without intervention across multiple sessions.
  • [DATA_EXFILTRATION]: Instructions in executor-prompt.md direct the agent to read project files and git history; combined with the unrestricted network access provided by the --network flag, this creates a high risk for the unauthorized exfiltration of sensitive data.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 9, 2026, 05:37 AM