feature-dev

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface by processing user-supplied feature requirements through tools capable of code and system modification.
    • Ingestion points: Requirements and input provided to the Design and Implement phases (/codex-architect, /codex-implement).
    • Boundary markers: No explicit delimiters or safety instructions are defined in the workflow to isolate external data from the agent's core instructions.
    • Capability inventory: The skill is granted access to Bash, Edit, and Write tools, which provide the ability to execute code and modify the file system.
    • Sanitization: There is no evidence of sanitization or validation of requirements before they influence tool usage.
  • [COMMAND_EXECUTION]: The skill incorporates the Bash tool for critical workflow phases such as test verification and pre-commit checks. While typical for development, this capability allows for the execution of arbitrary commands if the agent's logic is subverted via malicious input requirements.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 06:41 AM