codex-cli-docs

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
[EXTERNAL_DOWNLOADS] [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8) due to its core function of ingesting and processing documentation from external sources.
      • Ingestion points: scripts/core/scrape_docs.py (fetches remote content) and scripts/core/find_docs.py (retrieves indexed content for the agent).
      • Boundary markers: The documentation body is presented to the agent without explicit delimiters or instructions to disregard embedded commands.
      • Capability inventory: The skill allows Bash tool usage and performs file system writes and network requests via subprocess and requests.
      • Sanitization: It uses BeautifulSoup and markdownify to convert content from HTML to markdown, but does not filter for natural language instructions that could influence agent behavior.
  • [COMMAND_EXECUTION]: scripts/utils/script_utils.py contains logic to automatically install the pyyaml package via pip using subprocess.check_call if it is not found in the environment.
  • [EXTERNAL_DOWNLOADS]: scripts/core/scrape_docs.py fetches documentation content and indices from developers.openai.com, which is a well-known service owned by OpenAI.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 08:52 AM