codex-orchestration

Fail

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses exec_command and write_stdin to interact with background PTY terminals and explicitly directs the agent to operate under a 'YOLO config' (no approvals required), bypassing standard safety controls for command execution.
  • [REMOTE_CODE_EXECUTION]: The orchestration logic involves spawning sub-agents via codex exec. These sub-agents execute prompts that may incorporate untrusted data gathered from 'web search' or local files, potentially leading to the execution of malicious instructions.
  • [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection.
    • Ingestion points: Worker output is captured in files like /tmp/w1.txt or read from PTY stdout.
    • Boundary markers: While a 'CONTEXT: WORKER' preamble is used to define roles, there are no instructions to ignore malicious content within the worker's response.
    • Capability inventory: The agent has access to exec_command, write_stdin, and codex exec.
    • Sanitization: There is no evidence of sanitization or validation for data returned by workers or web searches before it is ingested by the orchestrator.
  • [DATA_EXFILTRATION]: By combining arbitrary command execution with 'web search' and the ability to write to files, the skill provides the necessary primitives for an attacker to access and exfiltrate sensitive information.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 4, 2026, 02:22 AM