codex-review
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a workflow for processing untrusted code diffs, which introduces a surface for indirect prompt injection.
- Ingestion points: In SKILL.md, the agent is instructed to read code changes (diffs) from local repositories and pass them to tool calls.
- Boundary markers: The prompt templates in references/prompts.md do not include specific delimiters or instructions to ignore commands that may be embedded within code comments or string literals in the reviewed diff.
- Capability inventory: The skill utilizes tools to analyze and suggest modifications for local files.
- Sanitization: The workflow does not specify any sanitization or filtering of the source code content before it is processed by the model. This risk is inherent to the skill's primary purpose of code review and is mitigated by the specified 'read-only' sandbox constraint.
Audit Metadata