codeagent
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill's primary function is the execution of the `codeagent-wrapper` CLI tool for code analysis and generation tasks.
- [COMMAND_EXECUTION]: Provides an explicit safety bypass via the `--dangerously-skip-permissions` flag and the `CODEAGENT_SKIP_PERMISSIONS` environment variable, which disables user prompts for the Claude backend.
- [COMMAND_EXECUTION]: Includes a configuration to bypass security sandboxes for the Codex backend using the `CODEX_BYPASS_SANDBOX=true` environment variable.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes task content and external file references that could contain malicious instructions.
  - Ingestion points: Task descriptions provided via stdin (heredoc syntax) and local file content accessed through the `@file` reference syntax (documented in SKILL.md).
  - Boundary markers: No delimiters or instructions to ignore embedded commands within the ingested data are defined.
  - Capability inventory: The tool is capable of code implementation, refactoring, and orchestration across multiple backend agents (SKILL.md).
  - Sanitization: The documentation does not indicate any sanitization, validation, or filtering of the input task content or referenced files.
Audit Metadata