Skills
skills/aahl/skills/cpa-codex-free/Gen Agent Trust Hub

cpa-codex-free

Fail

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The Python script scripts/main.py generates and processes a JSON object containing sensitive OpenAI authentication data, including access_token, refresh_token, and id_token.- [DATA_EXFILTRATION]: The skill uses curl to upload the generated file containing the authentication tokens to a remote endpoint specified by the CLI_PROXY_API_BASE environment variable, exposing credentials to an external server.- [COMMAND_EXECUTION]: The workflow in SKILL.md executes several shell commands using curl to upload data, check status via jq, and delete local temporary files.- [EXTERNAL_DOWNLOADS]: The script performs network requests to unofficial third-party domains mail.chatgpt.org.uk and shop.chatgpt.org.uk to programmatically retrieve temporary email addresses and OTP verification codes.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 2, 2026, 02:26 PM