Skills
skills/jmerta/codex-skills/coding-guidelines-verify/Gen Agent Trust Hub

coding-guidelines-verify

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill's primary workflow involves parsing and executing commands specified in a JSON block within AGENTS.md files. Specifically, the format, lint, and test keys in references/verifiable-block.md allow for arbitrary shell command strings.
  • [REMOTE_CODE_EXECUTION] (HIGH): Because the skill is designed to run on 'changed files' in a repository, an attacker can submit a Pull Request containing a malicious AGENTS.md file. If the agent is used to verify the PR, it will execute the attacker's commands in the local environment.
  • [DATA_EXFILTRATION] (MEDIUM): The ability to execute arbitrary commands can be trivially used to read sensitive environment variables, configuration files, or SSH keys and transmit them to a remote server (e.g., via curl).
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted data from the workspace which influences agent behavior and command execution.
  • Ingestion points: AGENTS.md files located within the project's directory structure.
  • Boundary markers: None. The agent treats the content of the codex-guidelines block as a trusted 'source of truth'.
  • Capability inventory: Execution of shell commands (format, lint, test) and reporting results.
  • Sanitization: None. There is no validation or sandboxing of the commands extracted from the AGENTS.md files.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:08 PM