codex-cli-specialist

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: Detailed auditing of the SKILL.md and all referenced scripts confirms the absence of malicious patterns such as obfuscation, credential exfiltration, or unauthorized network activity.
  • [EXTERNAL_DOWNLOADS]: The skill instructions recommend installing the '@openai/codex' package globally via npm. This package is an official tool from OpenAI, which is a well-known and trusted service provider, and thus the reference is considered safe.
  • [COMMAND_EXECUTION]: The skill includes Python scripts ('codex_skill_converter.py', 'cross_platform_validator.py', 'skills_index_builder.py') that perform file system operations including reading markdown files, creating directories, and writing YAML/JSON configurations. These operations are restricted to the local workspace and are appropriate for the tool's specialized administrative functions.
  • [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection because its scripts ingest data from external SKILL.md files to generate agent instructions. However, as this is the primary purpose of the conversion utility and the ingestion is limited to local files, the risk is negligible and consistent with developer tool operations.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 11:12 AM