codex

Fail

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to dynamically construct shell commands using unvalidated strings provided by the user, such as directory paths in the -C flag and model configurations.
  • [COMMAND_EXECUTION]: The usage pattern echo "your prompt here" | codex exec ... in SKILL.md is vulnerable to shell command injection. A malicious or accidental input containing shell metacharacters could result in arbitrary code execution on the host system.
  • [COMMAND_EXECUTION]: The instructions explicitly guide the agent to use dangerous flags like --sandbox danger-full-access and --full-auto, which grant the external process broad permissions and can lead to unauthorized system or network access.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted data without proper safeguards.
      • Ingestion points: User-provided prompts and parameters in SKILL.md and README.md.
      • Boundary markers: Absent; user input is directly embedded into shell commands or piped via stdin.
      • Capability inventory: Execution of the codex CLI with potentially unlimited system access via the danger-full-access flag.
      • Sanitization: No input validation, escaping, or sanitization logic is present in the instructions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 19, 2026, 07:18 AM