skills/jxnl/dots/subagent/Gen Agent Trust Hub

subagent

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION] (LOW): This skill exposes a surface for indirect prompt injection (Category 8) by passing prompts to a sub-agent process with significant capabilities.
      • Ingestion points: The scripts/run.sh script accepts a prompt via the $prompt argument.
      • Boundary markers: Absent. No delimiters or safety instructions are used to distinguish between user-provided data and agent instructions.
      • Capability inventory: As documented in resources/references/codex-exec.md, the codex exec tool can read files, write to the workspace, and perform scripted actions.
      • Sanitization: Absent. Input is passed directly to the shell command without validation or escaping.
  • [COMMAND_EXECUTION] (LOW): The skill intentionally executes the codex CLI tool to perform codebase exploration. While the tool supports high-privilege flags like --yolo and dangerous sandbox modes, this execution is the intended primary purpose of the skill.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:45 PM