codex-review
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs the user to install a package directly from an untrusted GitHub repository (BenedictKing/codex-review) using npx skills add. This source is not on the trusted list, meaning the execution logic is unverifiable and could be modified by the author to include malicious payloads.
- Indirect Prompt Injection (HIGH): As a code review tool, this skill is designed to ingest and process untrusted external data (source code).
  - Ingestion points: Source code from the user's project is read for analysis.
  - Boundary markers: No evidence of boundary markers or instructions to ignore embedded commands in the reviewed code is provided.
  - Capability inventory: The skill description claims 'auto CHANGELOG generation' and 'integrated with Codex AI,' implying file system write access and potential network communication.
  - Sanitization: There is no evidence of sanitization or safety checks for instructions that might be hidden in code comments or string literals within the reviewed files.
- COMMAND_EXECUTION (MEDIUM): The skill likely executes local commands or shell scripts to perform code analysis and generate changelogs based on commit history, which increases the impact if an injection occurs.
Recommendations
- AI detected serious security threats
Audit Metadata