codex-code-review

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes git diff and codex review --uncommitted in the shell to retrieve and analyze code changes.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes text from an external source (the output of the review tool) and is directed to "apply valid fixes directly" and "run the review automatically without asking the user for confirmation". This lack of a human-in-the-loop increases the risk that malicious content in the reviewed code could be executed or applied as a fix.
  • [PROMPT_INJECTION]: Mandatory Evidence Chain for Category 8: (1) Ingestion points: The agent reads data from the codex review shell output in SKILL.md. (2) Boundary markers: None; there are no delimiters to separate external data from instructions. (3) Capability inventory: The agent can execute shell commands and modify local files. (4) Sanitization: None; the skill relies on the model to judge validity without explicit filtering or sanitization.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 06:43 AM