codex-implement
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The prompt instructions for the Codex tool include a step to discover and run test commands from the project (e.g., 'grep -m1 "test" package.json'). If the project is untrusted, these commands could execute malicious code.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through input data used for implementation context.
  - Ingestion points: Technical specifications provided via the '--spec' flag and project-specific files like 'CLAUDE.md'.
  - Boundary markers: The prompt uses Markdown headers but does not include explicit instructions to ignore commands within the context data.
  - Capability inventory: Access to 'Bash', 'Write', and 'Edit' tools, plus the Codex implementation loop.
  - Sanitization: No input validation or sanitization is performed on specifications or context files before prompt interpolation.