use-codex-llm
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes 'user intent' and 'user requests' as part of its 'Instruction Priority Contract' in SKILL.md. It lacks explicit delimiters (such as XML tags or boundary markers) or specific instructions to ignore malicious directives within user-provided data. This configuration is susceptible to indirect prompt injection where external data could influence the agent to deviate from its intended protocol. Ingestion points: User requests and intent parsing (SKILL.md). Boundary markers: Absent. Capability inventory: Terminal command execution via 'command_run' and tool calls via 'tool_call' (SKILL.md). Sanitization: Absent.
- [COMMAND_EXECUTION]: The 'Action-Type Contract' and 'Command Execution Contract' in SKILL.md explicitly instruct the agent to run terminal commands to advance tasks. This provides the agent with high-level system access which, when coupled with the ingestion of untrusted user intent without sanitization, presents a risk of executing unauthorized or harmful commands.
Audit Metadata