codex-review
Warn
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to install a package from a community repository (BenedictKing/codex-review) and requires a Codex CLI, neither of which originates from a trusted or well-known organization.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted source code to perform reviews and generate documentation.
  - Ingestion points: The agent reads and analyzes source code files and git commit history (SKILL.md).
  - Boundary markers: The instructions lack markers or specific guidelines to treat analyzed code as untrusted content.
  - Capability inventory: The skill is designed to perform file writes, specifically updating the CHANGELOG.md file in the project root (SKILL.md).
  - Sanitization: No sanitization or validation logic is defined to prevent malicious code from influencing the agent's output.
Audit Metadata