codex-dispatch

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by delegating project tasks to a sub-agent with full autonomy.
      • Ingestion points: Task descriptions derived from project context or user input are passed to the -p parameter of the codex command in SKILL.md.
      • Boundary markers: The skill lacks delimiters or specific instructions to isolate or ignore potentially malicious commands embedded within the task descriptions.
      • Capability inventory: The skill uses the bash tool to execute codex with the --approval-mode full-auto flag, enabling the sub-agent to modify files or execute code without manual checkpoints.
      • Sanitization: No validation or sanitization of the input string is performed before it is passed to the shell.
  • [COMMAND_EXECUTION]: The skill instructs the agent to use bash to invoke the codex CLI. The use of full automation for a sub-agent interacting with the codebase increases the risk of the agent performing unauthorized operations if the input is manipulated.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 19, 2026, 01:26 PM