Skills
skills/ryoppippi/dotfiles/codex-review/Gen Agent Trust Hub

codex-review

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on executing the codex CLI tool to perform its primary function. It runs subprocesses with various flags (--uncommitted, --base, --commit) to interact with the local git repository and source files.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted external data in the form of source code and git diffs.
  • Ingestion points: The agent reads uncommitted changes, specific commits, and branch diffs via the codex exec review command as defined in SKILL.md.
  • Boundary markers: No specific delimiters or instructions are provided to the agent to distinguish between its own instructions and content found within the code being reviewed.
  • Capability inventory: The skill has the capability to execute commands via the codex CLI and potentially help the user implement changes based on the review.
  • Sanitization: There is no evidence of sanitization or filtering of the code content before it is processed by the agent for the review task.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 26, 2026, 06:20 PM