security-review
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local commands including `git diff`, `grep`, and `glob` to define the audit scope and identify sensitive files. These operations are restricted to the local workspace and are necessary for the skill's stated purpose of security auditing.
- [DATA_EXFILTRATION]: The skill is configured to search for and read files containing sensitive keywords like 'password', 'secret', and 'token'. This access is intended for security review purposes. Code and metadata are processed by the Codex MCP tool, and no unauthorized data exfiltration to unknown or malicious domains was detected.
- [EXTERNAL_DOWNLOADS]: The skill interacts with the Codex model via the `mcp__codex__codex` tool to perform analysis. This involves sending code snippets to an external service, which is the standard operational procedure for this type of AI-assisted security review tool.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it reads unvalidated source code and passes it to an LLM.
  - Ingestion points: Code changes gathered via `git diff` and file contents read via `grep`/`cat` in `SKILL.md` and `references/codex-prompt-security.md`.
  - Boundary markers: The prompts in `references/codex-prompt-security.md` use markdown code blocks (triple backticks) and delimiters to separate code from instructions.
  - Capability inventory: The skill utilizes `Read`, `Grep`, `Glob`, and MCP tools (`mcp__codex__codex`, `mcp__codex__codex-reply`).
  - Sanitization: No explicit sanitization or filtering of input code is performed before analysis.
Audit Metadata