codeagent
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION)
Full Analysis
- [Privilege Escalation] (HIGH): The skill documentation explicitly supports "CODEX_BYPASS_SANDBOX=true", which disables security approvals and sandboxing for code execution.
- [Privilege Escalation] (MEDIUM): Provides flags such as "--dangerously-skip-permissions" to suppress security prompts during automation, increasing the risk of unauthorized actions.
- [Indirect Prompt Injection] (LOW): The skill is vulnerable to indirect injection because it processes untrusted task descriptions and referenced files. Evidence:
  1. Ingestion points: stdin and CLI arguments for codeagent-wrapper.
  2. Boundary markers: uses EOF heredocs and ---TASK--- separators.
  3. Capability inventory: execution of arbitrary code through multiple AI backends.
  4. Sanitization: no sanitization or validation of the injected task content is performed.
Recommendations
- AI detected serious security threats