scaffold-codex-hooks

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's behavior is entirely consistent with its documented purpose. It performs project profiling and configuration management using standard developer tools and local file system operations.
  • [COMMAND_EXECUTION]: The skill uses shell scripts and Python's subprocess module to execute git, jq, rg, and the codex CLI. These operations are necessary for repository auditing and managing feature flags.
  • [EXTERNAL_DOWNLOADS]: Instructions and references point to official OpenAI developer documentation and GitHub repositories for schema verification and informational purposes.
  • [PROMPT_INJECTION]: The skill audits project metadata (such as file paths and script names) and interpolates this data into its output and generated hook scripts. This creates a surface for indirect prompt injection; however, the skill uses structured data (JSON) and escaping during script generation to mitigate potential risks.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 8, 2026, 12:18 AM