skills/okwinds/miscellany/loopback/Gen Agent Trust Hub

loopback

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill orchestrates the iterative execution of the codex CLI tool using a Bash driver script. It allows users to pass custom arguments to the command through the CODEX_LOOPBACK_CODEX_ARGS environment variable, facilitating flexible integration with development environments.
  • [PROMPT_INJECTION]: The skill defines strict behavioral guidelines for the agent within its command prompts. These instructions, labeled as 'CRITICAL' rules, direct the agent to only signal completion when tasks are fully verified, preventing the loop from terminating prematurely based on inaccurate progress reports.
  • [PROMPT_INJECTION]: A potential indirect prompt injection surface exists as the skill processes and re-executes user-supplied prompts through the Codex CLI.
      • Ingestion points: The user-provided PROMPT in setup-loopback.sh.
      • Boundary markers: Prompts are stored in .codex/loopback.local.md and read back without additional delimiters.
      • Capability inventory: The skill can invoke codex exec and codex exec resume repeatedly.
      • Sanitization: Input prompts are used directly as provided by the user without filtering or sanitization.
  • [SAFE]: The skill implements safe data handling by using yaml.safe_load() in its Python manager script to prevent arbitrary code execution during state file parsing. It also includes comprehensive help guides and a dry-run mode to assist users in safely configuring the iterative loop.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 03:04 PM