ask-codex
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the
codex execcommand (SKILL.md) to interact with an external implementation reviewer. This pattern involves spawning a subprocess, which is a sensitive operational capability. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. Ingestion points: Codebase context and user implementation plans are ingested to form the consultation prompt (SKILL.md). Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the command template to isolate the prompt content from the shell command structure. Capability inventory: Subprocess execution via
codex exec(SKILL.md). Sanitization: The skill lacks automated sanitization or shell-escaping for the strings interpolated into the command execution block.
Audit Metadata