oracle-codex
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it constructs a prompt for the external Codex CLI using untrusted data from user queries and workspace context (file contents and diffs).
  1. Ingestion points: query argument and file context referenced in SKILL.md.
  2. Boundary markers: No explicit delimiters or instructions are used to distinguish instructions from data.
  3. Capability inventory: The skill executes the codex CLI tool via shell scripts.
  4. Sanitization: There is no evidence of input validation or escaping before interpolation into the prompt.
- [COMMAND_EXECUTION]: The skill invokes local shell scripts (check-codex.sh and run-codex-exec.sh) to execute the codex binary. The execution uses safe array-based patterns and validates the model against an allowlist.
- [EXTERNAL_DOWNLOADS]: The skill documentation and scripts reference the @openai/codex package and official OpenAI repositories, which are required dependencies from a trusted organization.
Audit Metadata