codex
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill utilizes structured templates to interface with an external Codex model. While it processes data from the local filesystem (e.g., code files and git diffs), it employs Markdown boundary markers to separate this context from the model's instructions. This addresses the surface for indirect prompt injection common in context-aware tools.
  - Ingestion points: Reads project files, git diffs, and configuration files (package.json, requirements.txt, etc.).
  - Boundary markers: Uses Markdown headers and code blocks to delimit ingested data within templates.
  - Capability inventory: Interactions are directed to the mcp__codex__codextool.
  - Sanitization: Relies on structural delimiters for context separation.
- [DATA_EXFILTRATION]: The skill is designed to read project source code and metadata to provide technical insights. This data is transmitted to the Codex MCP server as part of the intended functionality. No unauthorized data exfiltration was detected.
Audit Metadata