ask-codex
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill grants the agent broad access to the
codexcommand viaBash(codex *). This allows the agent to execute any subcommand and flag, including functionality for automatic code execution and system modification. - [REMOTE_CODE_EXECUTION] (LOW): The
--full-autoflag enables "automatic execution" of generated code. While the description mentions a "workspace-write sandbox," the security and constraints of this sandbox are not defined within the skill and are entirely dependent on the localcodexinstallation. - [PROMPT_INJECTION] (LOW): The skill presents an indirect prompt injection surface (Category 8) as it processes natural language tasks that may contain malicious instructions.
- Ingestion points: The query string passed to the
codex execcommand inSKILL.mdexamples. - Boundary markers: Absent. Input is interpolated directly into the shell command string.
- Capability inventory: The skill allows file writing and potentially arbitrary code execution via the CLI's native features.
- Sanitization: None. The skill does not validate or escape the query before passing it to the shell execution environment.
Audit Metadata