codex-exec
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The `scripts/codex-wrapper.cjs` utility uses `child_process.spawn` with an arguments array to interface with the `codex` CLI. This method is resistant to shell injection as the prompt and other parameters are not interpreted by a shell environment.
- [EXTERNAL_DOWNLOADS]: The skill documentation correctly identifies a dependency on the `@openai/codex` global NPM package. This is a functional requirement for a well-known service and is handled through standard user-initiated installation.
- [DATA_EXPOSURE]: The skill includes an `--output` parameter that allows the AI agent to write results to a local file. This capability is transparently documented as a feature for saving generated code or analysis.
Audit Metadata