codex
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by reading and interpolating untrusted data from git diffs and project plan files into instructions for the Codex AI. Ingestion occurs in 'Review', 'Challenge', and 'Consult' modes. Boundary markers like the 'filesystem boundary' prompt are used to advise the AI against accessing sensitive files, but no structural sanitization or escaping is performed on the ingested content.
- [COMMAND_EXECUTION]: The skill performs dynamic execution by using
evalandsourceon the output of local helper binaries such asgstack-slugandgstack-repo-modeto configure its environment. These binaries are part of the skill's local directory structure and are used for project context recovery and configuration.
Audit Metadata