codex-setup
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill establishes persistence by installing and modifying git hooks (commit-msg and pre-push) in the .git/hooks or .husky directories. These hooks are configured to automatically source and execute shell scripts (commit-msg-guard.sh and pre-push-gate.sh) provided by the vendor.
- [COMMAND_EXECUTION]: High-privilege Bash commands are used to create project directories and copy executable runner scripts. The skill also utilizes chmod to modify file permissions on the host system.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by reading content from package.json and CLAUDE.md to populate templates. There are no documented sanitization steps for this external data.
  - Ingestion points: package.json and CLAUDE.md (detected in SKILL.md Phase 1).
  - Boundary markers: Absent.
  - Capability inventory: Write, Bash, and Edit permissions (defined in SKILL.md frontmatter).
  - Sanitization: Absent.
- [PROMPT_INJECTION]: The included agents-kernel.md template imposes behavioral constraints and mandatory workflow requirements on AI agents, directing them to use specific vendor scripts for validation.