codex-qa
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies] (MEDIUM): The skill instructs users to install '@openai/codex' and 'codex' via Homebrew, neither of which is an official OpenAI distribution. This creates a risk of supply chain attacks through malicious or typosquatted packages.
- [Command Execution] (HIGH): The skill executes 'codex exec "question"' where 'question' is user-provided input. Inside double quotes the shell still performs command substitution and variable expansion, so unescaped input can cause arbitrary commands to run on the system.
- [Indirect Prompt Injection] (HIGH): The skill is vulnerable to indirect injection as it processes untrusted user input and uses it to drive a CLI with execution capabilities. Ingestion points: User questions. Boundary markers: None present. Capability inventory: Command execution via the codex CLI. Sanitization: No evidence of input validation or shell escaping.
Recommendations
- AI detected serious security threats
Audit Metadata