silent-failure-hunter

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill executes the codex-subagent command line utility via a shell script. While this appears to be the primary intended function, invoking external binaries with user-controlled input strings is a risk factor for command injection or unintended behavior if the binary has vulnerabilities.
  • [PROMPT_INJECTION] (MEDIUM): Vulnerable to Indirect Prompt Injection (Category 8).
      • Ingestion points: The skill ingests untrusted data including task context, scope, and PR/issue numbers provided in the input block.
      • Boundary markers: Uses a shell heredoc (<<'EOF') to delimit the input data. This prevents shell-level command injection but does not stop the AI subagent from being influenced by instructions embedded within the provided text.
      • Capability inventory: Executes a subagent designed for code analysis and error detection, which implies reading potentially large volumes of external code and metadata.
      • Sanitization: No sanitization, filtering, or explicit 'ignore embedded instructions' markers are used for the external context before it is passed to the subagent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 05:28 AM