codex-review
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `codex exec` CLI tool to perform analysis. These commands are executed via a shell with the `--sandbox read-only` flag enabled. While sandboxed, the commands are constructed using dynamic content from external files, which requires proper escaping to prevent shell injection.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted code diffs and source files. Maliciously crafted comments or code patterns within these files could attempt to influence the behavior or findings of the reviewer lenses.
- Ingestion points: Code diffs, plans, and source files identified during the scoping step (SKILL.md, Step 1).
- Boundary markers: The prompt templates for the Skeptic, Architect, and Minimalist lenses do not include explicit delimiters or instructions to ignore instructions embedded within the code content.
- Capability inventory: The skill has the capability to execute shell commands using the `codex` utility (SKILL.md, Step 2).
- Sanitization: There is no mention of sanitizing or escaping code content before it is interpolated into the prompt strings for the shell command.
Audit Metadata