codex-reviewer

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The script codex_review.py executes the codex CLI via subprocess.run. The documentation in codex_cli_reference.md indicates the tool supports dangerous configurations such as --sandbox danger-full-access and --full-auto. Exposing these features through a script that accepts arbitrary user input for targets and contexts creates a risk of command execution outside the intended scope.
  • [PROMPT_INJECTION] (LOW): User-controlled variables such as target and context are interpolated directly into LLM prompts without sanitization. This allows prompt injection, where malicious input could alter the behavior of the code review or potentially influence the underlying CLI's execution logic.
  • [DATA_EXFILTRATION] (LOW): The skill is designed to process local codebase content. An attacker using prompt injection could potentially leverage the CLI's capabilities to exfiltrate sensitive source code or environmental information, especially if non-restrictive sandbox modes are active.
  • [CREDENTIALS_UNSAFE] (SAFE): Documentation includes placeholders like sk-... and your-api-key. These are not valid secrets and do not pose a direct credential exposure risk.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8).
      • Ingestion points: Files identified by the target argument are read and processed by the LLM (scripts/codex_review.py).
      • Boundary markers: Absent; code is interpolated directly into prompts.
      • Capability inventory: The skill can execute system commands and modify files through the codex CLI (scripts/codex_review.py, references/codex_cli_reference.md).
      • Sanitization: Absent; the content of files is not validated or escaped before inclusion in the prompt.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:38 PM