code-explorer
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill invokes a local command 'codex-subagent' to trace codepaths. It uses quoted heredocs (<<'EOF') which is a security best practice to prevent the shell from interpreting variables or command substitution within the provided context.
- PROMPT_INJECTION (LOW): The skill has a surface for indirect prompt injection. Ingestion point: Context block in SKILL.md heredoc; Boundary markers: Quoted heredoc used; Capability inventory: Execution of codex-subagent; Sanitization: Shell expansion disabled by quoting 'EOF'. While the shell execution is safe, the subagent itself could be influenced by malicious instructions embedded in the task context or external PR data it explores.
Audit Metadata