collaborating-with-codex

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The SKILL.md file provides instructions to add an MCP server from an unverified GitHub repository (github.com/GuDaStudio/codexmcp.git) using uvx. This source does not belong to the trusted organizations list.
  • [COMMAND_EXECUTION]: The bridge script scripts/codex_bridge.py uses subprocess.Popen to execute the external codex command. It exposes dangerous flags such as --yolo and --sandbox danger-full-access to the agent, which can result in model-generated commands being executed without user approval or sandbox restrictions.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface, since it takes arbitrary task instructions in the PROMPT parameter and processes them through an execution engine.
  • Ingestion points: The PROMPT parameter in the mcp__codex__codex tool.
  • Boundary markers: None identified; prompts are passed directly to the tool via stdin without delimiters.
  • Capability inventory: The skill has the capability to run system commands via the subprocess module in scripts/codex_bridge.py.
  • Sanitization: No input validation or filtering is performed on the prompt string.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 12, 2026, 10:12 AM