oracle-codex

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it incorporates untrusted user input into a prompt for the Codex AI model.
      • Ingestion Point: The query argument from $ARGUMENTS is directly used to construct the prompt in SKILL.md.
      • Boundary Markers: The skill does not use delimiters or specific instructions to isolate user input from system prompts.
      • Capability Inventory: The run-codex-exec.sh script executes the codex exec command, which can perform complex analysis based on its input.
      • Sanitization: There is no evidence of input validation or escaping for the user-provided query.
  • [EXTERNAL_DOWNLOADS]: The scripts/check-codex.sh script references external installation sources for the Codex CLI.
      • Evidence: The script suggests installing @openai/codex via npm or the openai/tap/codex Homebrew tap.
      • Source: These references point to OpenAI, which is a recognized and trusted organization. The documentation is provided neutrally as setup instructions.
  • [COMMAND_EXECUTION]: The skill executes local shell scripts and a binary CLI tool.
      • Evidence: It runs scripts/check-codex.sh and scripts/run-codex-exec.sh, which in turn executes the codex binary.
      • Security: The skill uses a HEREDOC and temporary files to pass input to the binary, which is a safe practice that avoids shell command injection vulnerabilities.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 26, 2026, 08:36 PM