codex
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the codex CLI tool and promotes high-privilege profiles such as --profile edit (workspace-write) and --profile full (danger-full-access). These profiles allow the tool to modify any file or access system resources.
- [REMOTE_CODE_EXECUTION]: The --profile full flag enables network connectivity. This allows the tool to potentially download and execute remote code or interact with external services while having broad filesystem access.
- [DATA_EXFILTRATION]: Network access combined with broad filesystem permissions creates a risk of sensitive data being sent to external servers.
- [PROMPT_INJECTION]: The skill processes code and prompts through an external worker, creating an attack surface for instructions embedded in data to influence the agent's actions.
  1. Ingestion points: Prompt argument and project files.
  2. Boundary markers: Absent.
  3. Capability inventory: CLI execution, file writes, and network access.
  4. Sanitization: Absent.