codex-subagent

Fail

Audited by Socket on Mar 18, 2026

1 alert found:

Malware (HIGH)
SKILL.md

SUSPICIOUS: the skill’s purpose matches subagent orchestration, and the Codex CLI appears first-party, but it normalizes launching unsandboxed, approval-bypassing autonomous agents that may process untrusted web/codebase content. The main risk is excessive execution freedom and prompt-injection exposure, not confirmed malware or credential theft.

Confidence: 88%
Severity: 68%

Audit Metadata

Analyzed At: Mar 18, 2026, 04:49 PM
Package URL: pkg:socket/skills-sh/am-will%2Fcodex-skills%2Fcodex-subagent%2F@39e6b56d36c29330d3468adf88b0a61860a8b69f