codex-subagent

The skill/package is functionally coherent and implements the documented capability to spawn background subagents and capture outputs. It does not contain direct obfuscated malware or hard-coded credentials in the provided text. However, it intentionally promotes disabling sandbox/approval safeguards and autonomous, non-interactive operation — decisions that materially increase the risk of credential leakage, data exfiltration, uncontrolled network activity, and runaway costs. Treat this as an operationally risky component: acceptable only with strict controls (no sandbox bypass, explicit approvals, secrets redaction, endpoint whitelists, rate-limits, and monitoring). Recommended mitigations: remove or disable dangerous flags from examples, add clear warnings about never embedding secrets in prompts, require explicit human approval before launching subagents, add endpoint whitelisting, and log/monitor subagent activity.