converting-agents-to-codex
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the latest multi-agent configuration specification from OpenAI's official developer documentation at developers.openai.com.
- [COMMAND_EXECUTION]: Utilizes file system tools including Read, Write, Edit, Glob, and Grep to manage agent definitions and update the central configuration file within the
~/dotfiles/codex/directory. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes external agent definition files to generate new instructions.
- Ingestion points: Reads user-provided markdown files (
.md) from a specified directory via the Read tool. - Boundary markers: The output configuration uses triple quotes (
""") to delimit thedeveloper_instructionsfield, though the instructions do not explicitly mandate the subagents to ignore potentially malicious embedded content. - Capability inventory: The skill possesses file system access (Read, Write, Edit) and the ability to manage subagent teams (TeamCreate).
- Sanitization: Implements standard string replacement for platform-specific terminology (e.g., converting 'Claude Code' to 'Codex') but lacks advanced validation of the content being transformed.
Audit Metadata