codex-review

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE

COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The skill creates an Indirect Prompt Injection surface by processing untrusted data and allowing autonomous agent actions based on that data.
      • Ingestion points: The codex exec command reads and analyzes content from plan.md and various files within the project codebase.
      • Boundary markers: The instructions passed to the Codex tool do not include delimiters or specific guidance to ignore or isolate instructions embedded within the files being reviewed.
      • Capability inventory: The skill specifies that the agent should "Address immediately without asking" any feedback categorized as a 'critical issue,' which can include modifying the codebase.
      • Sanitization: There is no validation or sanitization of the feedback received from the Codex tool before it is interpreted by the agent as a set of instructions for modification.
  • [COMMAND_EXECUTION]: The skill utilizes a shell command template that involves environment-specific logic and dynamic path interpolation.
      • The bash script uses command -v to check for local utilities (timeout, gtimeout) and constructs a command string that incorporates absolute and relative file paths into a shell context for execution.

Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 10:20 AM