codex-wrapped
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill invokes local scripts (
get_codex_stats.pyandreport.sh) to process data and render a report. This behavior is transparently documented and aligns with the primary purpose of the skill. - [PROMPT_INJECTION] (LOW): The skill has an indirect prompt injection surface as it reads and processes local Codex logs. (1) Ingestion points: Local Codex logs processed via command-line scripts. (2) Boundary markers: Absent; the skill instructions do not mandate delimiters or specific instructions for the agent to ignore embedded commands. (3) Capability inventory: Subprocess execution (python3, sh) and file writing to /tmp/wrapped_stats.json. (4) Sanitization: Not verifiable as the internal source code for the stats and report scripts is not provided within the skill files.
Audit Metadata