codex-explain
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the interpolation of untrusted code content into the prompt defined in references/codex-prompt-explain.md.
  - Ingestion points: The ${CODE_CONTENT} variable in references/codex-prompt-explain.md receives content from files being explained.
  - Boundary markers: The prompt uses triple backticks to delimit code content, which can be easily escaped by an attacker to inject new instructions.
  - Capability inventory: The agent is authorized to use Read, Grep, and Glob tools to explore the file system based on patterns identified in the code.
  - Sanitization: No sanitization or filtering is performed on the input code content before it is passed to the Codex model.
- [PROMPT_INJECTION]: The prompt instructions in references/codex-prompt-explain.md use high-priority behavioral overrides such as 'Important: You must independently research' and 'Before explaining code, you must', which are patterns that can be leveraged to bypass system safety constraints.
Audit Metadata