Skills
skills/lploc94/codex_skill/codex-think-about/Gen Agent Trust Hub

codex-think-about

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a local runner script executed via node to manage the lifecycle of the reasoning process (starting, polling, and stopping threads).
  • [EXTERNAL_DOWNLOADS]: The documentation instructs the user to install an external package from the author's GitHub repository using npx github:lploc94/codex_skill. This is documented as a vendor-owned resource.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it ingests untrusted data from the local project environment.
  • Ingestion points: The skill reads project files and git diffs using tools like cat, rg, and git diff, and incorporates a user-provided {QUESTION} into its reasoning prompts.
  • Boundary markers: Prompt templates in references/prompts.md lack explicit delimiters or instructions to ignore potential commands embedded within the project files.
  • Capability inventory: The skill executes shell commands via a Node.js runner script to interface with the Codex CLI.
  • Sanitization: No explicit sanitization or filtering of the content read from project files is observed before it is interpolated into the prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 06:36 PM