Skills
skills/gexijin/vitiligo/codex-cli/Gen Agent Trust Hub

codex-cli

Warn

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The codex exec command allows for task execution which can involve running arbitrary shell commands.
  • [COMMAND_EXECUTION]: The skill documentation includes a danger-full-access sandbox mode that grants the CLI tool full access to the system, which poses a significant risk if misused.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface. Ingestion points: Untrusted source code and git diffs (SKILL.md). Boundary markers: No markers or warnings are used to distinguish instructions from data. Capability inventory: The tool can modify files via codex apply and execute tasks via codex exec. Sanitization: There is no sanitization of the code being reviewed.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 3, 2026, 12:43 AM