Skills
skills/sd0xdev/sd0x-dev-flow/codex-implement/Gen Agent Trust Hub

codex-implement

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing external data and local project context.
  • Ingestion points: Reads data from requirement specifications via the --spec argument and local project files like CLAUDE.md.
  • Boundary markers: Uses Markdown headers in prompt templates as weak delimiters.
  • Capability inventory: Access to mcp__codex__codex (with workspace write permissions), Edit, Write, and Bash(git:*).
  • Sanitization: No evidence of input validation or prompt escaping for ingested content.
  • [COMMAND_EXECUTION]: The skill explicitly directs the AI to execute arbitrary scripts found in the project environment.
  • Evidence: Instructions in references/codex-prompts.md Phase 4 tell the agent to find and run test commands from package.json or similar configuration files.
  • Risk: This can lead to the execution of malicious code if the agent is directed to work on a compromised or untrusted codebase.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 01:12 AM