council-review

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @openai/codex package from npm. OpenAI is a trusted organization and a well-known service.
  • [COMMAND_EXECUTION]: The scripts/codex-review.py utility invokes the codex command-line tool. It uses subprocess.run with a list of arguments, which correctly prevents shell injection vulnerabilities.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes code content that may contain malicious instructions designed to subvert the review process.
    • Ingestion points: Code diffs (staged, unstaged, untracked changes), branch comparisons, and specific commit changesets in the local repository.
    • Boundary markers: No explicit delimiters or instructions to ignore embedded prompts are implemented in the skill's scripts.
    • Capability inventory: Execution of the codex CLI tool via subprocess calls; use of the Read tool to access local files.
    • Sanitization: The skill does not perform sanitization or filtering of the code content before passing it to the evaluation models.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 11:31 PM