refine
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python validation script via the 'uv' package manager. Evidence in SKILL.md: 'uv run --with pyyaml -- python3 codex/skills/.system/skill-creator/scripts/quick_validate.py'.
- [COMMAND_EXECUTION]: The workflow includes the execution of scripts that have been modified or generated by the agent to verify their behavior. Evidence in SKILL.md: 'If adding scripts, run a representative sample to confirm behavior.'
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection as it ingests and processes untrusted external data.
- Ingestion points: Processes SKILL.md files, agents/openai.yaml, external scripts, user feedback, and session mining notes (File: SKILL.md).
- Boundary markers: None identified; the skill does not use delimiters to isolate untrusted data from its primary instructions.
- Capability inventory: The skill is authorized to modify local files via the $ms tool and execute Python code (File: SKILL.md).
- Sanitization: No validation, filtering, or sanitization of input data is implemented.
Audit Metadata