codex-review

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the Bash tool to be executed with dangerouslyDisableSandbox: true. This bypasses standard security restrictions so that the codex CLI can access macOS system APIs (SCDynamicStore); under the sandbox, that access would otherwise cause a crash.
  • [REMOTE_CODE_EXECUTION]: The skill uses the codex exec command to send implementation plans and code descriptions to OpenAI's remote services for processing and review.
  • [EXTERNAL_DOWNLOADS]: The skill depends on the @openai/codex package, which is a well-known service, and provides instructions for its installation via the NPM registry.
  • [DATA_EXFILTRATION]: By design, the skill reads implementation plans and project metadata to send them to OpenAI's infrastructure for the review process.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it ingests plan files and code descriptions (e.g., in scripts/codex-review.sh via cat "$PLAN_FILE") which are then processed by the external Codex agent. Boundary markers are present in the scripts to help differentiate instructions from data, but the processing of untrusted project content remains a potential vector.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 1, 2026, 08:35 PM