skills/sirn/dotfiles/codex-reference/Gen Agent Trust Hub

codex-reference

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is centered on the codex CLI tool, which is designed to perform file system operations and execute shell commands. It includes documentation for high-privilege modes such as --sandbox workspace-write and --sandbox danger-full-access, which allow the agent to modify the environment.
  • [PROMPT_INJECTION]: The patterns described for agent delegation create a vulnerability surface for indirect prompt injection. If an agent uses these instructions to process content from untrusted sources, malicious instructions within that content could be executed by the Codex sub-agent.
      • Ingestion points: Natural language prompts passed as arguments to codex exec or provided via standard input (stdin) as shown in multiple examples in SKILL.md.
      • Boundary markers: The provided examples lack boundary markers or explicit instructions to ignore embedded commands within the delegated tasks.
      • Capability inventory: The codex tool is explicitly documented to have file system write access and shell execution capabilities, which can be enabled via sandbox flags.
      • Sanitization: There are no sanitization or validation steps shown to clean input data before it is passed to the execution command.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 09:24 AM