model-usage
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the 'codexbar' CLI utility from a third-party Homebrew tap ('steipete/tap/codexbar') as defined in the SKILL.md metadata.
- [COMMAND_EXECUTION]: The script 'scripts/model_usage.py' uses 'subprocess.check_output' to run the 'codexbar' binary and retrieve JSON-formatted cost data.
- [DATA_EXFILTRATION]: The skill accesses sensitive local file paths containing AI conversation history and usage logs, specifically within '/.codex/sessions/' and '/.config/claude/projects/'.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting untrusted data in 'scripts/model_usage.py' (via the 'load_payload' and 'run_codexbar_cost' functions) without boundary markers or content sanitization beyond standard JSON parsing. The script possesses command execution capabilities through subprocess calls while lacking measures to prevent instructions embedded in processed logs from influencing the agent's behavior.
Audit Metadata