codex-oauth-automation-extension
Fail
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: HIGH
Findings: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [DATA_EXFILTRATION]: The extension is designed to intercept OAuth callback URLs containing sensitive `code` and `state` parameters during the login flow (Step 8) and submit this data to a remote 'CPA' management panel (Step 9). This facilitates the automated exfiltration of authentication credentials to external infrastructure.
- [EXTERNAL_DOWNLOADS]: The skill instructs users to download the extension source code from a third-party GitHub repository (`QLHazyCoder/codex-oauth-automation-extension.git`). This involves importing external logic that is not contained within the skill itself.
- [COMMAND_EXECUTION]: The installation process requires the manual execution of shell commands (`git clone`, `cd`) to fetch and set up the extension code on the local machine.
- [CREDENTIALS_UNSAFE]: The extension programmatically accesses and processes highly sensitive data, including one-time passwords (OTPs) from multiple email providers (DuckDuckGo, QQ, 163, Inbucket) and user-generated passwords. It also persists configuration data in `chrome.storage.local`.
- [PRIVILEGE_ESCALATION]: The extension uses the `chrome.debugger` API to simulate user clicks on OAuth authorization pages. This high-privilege API allows the extension to bypass typical web-based security measures intended to prevent automated script interactions.
Recommendations
- AI detected serious security threats