codex
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection by forwarding untrusted data to an autonomous executor.
  - Ingestion points: User input following the /codex command in SKILL.md.
  - Boundary markers: Absent; instructions specify that the prompt is preserved verbatim.
  - Capability inventory: The tool runs with --full-auto (enabling file system modifications) and supports --search for web access within scripts/run-codex.sh.
  - Sanitization: Absent; the user input is piped directly to the binary's stdin without filtering or escaping.
- [COMMAND_EXECUTION]: The script scripts/run-codex.sh executes the codex binary from the system PATH to perform requested tasks.
Audit Metadata