codex-builder
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation instructs the user to run a local script
skills/codex-builder/scripts/execute-plan.shwhich executes commands to implement code via the Codex CLI.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its ingestion of external plan files.\n - Ingestion points: Markdown plan files located in
~/.claude/plans/or/tmp/.\n - Boundary markers: None identified; the skill directly processes the file content.\n
- Capability inventory: Includes file modification and creation across the repository via Codex CLI delegation and local script execution.\n
- Sanitization: No validation or sanitization of the plan file content is mentioned in the documentation.
Audit Metadata