codex-review
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the "@openai/codex" CLI tool from the NPM registry. This package is an official tool provided by OpenAI.
- [COMMAND_EXECUTION]: Executes the "codex review" command to analyze code changes. This is the primary intended function of the skill.
- [DATA_EXFILTRATION]: Reads local source code and sends it to OpenAI's Codex API for review. This behavior is consistent with the skill's stated purpose of AI-powered analysis.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingest and processes untrusted data from the local filesystem.
- Ingestion points: Reads local files and diffs via the "--uncommitted", "--base", and "--commit" flags in "SKILL.md".
- Boundary markers: No explicit delimiters or instructions to the model to ignore embedded instructions within the source code are specified.
- Capability inventory: The skill can execute CLI commands and access local files.
- Sanitization: No evidence of sanitization or content filtering of the code being reviewed was found.
Audit Metadata