codex-review

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill is distributed via an untrusted GitHub repository (BenedictKing/codex-review) which is not on the list of trusted providers. This poses a risk of malicious code being included in the skill itself.
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) due to its core function.
      • Ingestion points: Reads the entire project codebase based on the scope: [root] configuration.
      • Boundary markers: None identified in the provided documentation to distinguish between code to be reviewed and potential instructions.
      • Capability inventory: Possesses file-write capabilities (automatic CHANGELOG generation) and depends on the Codex CLI which implies command execution.
      • Sanitization: No evidence of sanitization or filtering of codebase content before processing.
  • COMMAND_EXECUTION (MEDIUM): The skill requires an external 'Codex CLI' to be installed and used, which involves executing subprocesses that are not fully transparent in the skill description.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 11:23 AM