codex-advisor

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill encourages users to install '@openai/codex' via npm, which is not a recognized official OpenAI package. Given the use of fictional model names, this indicates a high risk of installing malicious software under the guise of an official tool.
  • [CREDENTIALS_UNSAFE] (HIGH): The instructions to export 'OPENAI_API_KEY' and 'CODEX_API_KEY' for use with this unverified tool facilitate credential theft.
  • [REMOTE_CODE_EXECUTION] (HIGH): Use of the 'codex exec' command with the '--full-auto' flag allows an external entity to modify local files, providing a mechanism for arbitrary code execution should the package or model output be malicious.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection. Evidence: (1) Ingestion points: 'git diff' and local files via '-C .' (SKILL.md); (2) Boundary markers: Absent; (3) Capabilities: File-writing and modification via 'codex exec' (SKILL.md); (4) Sanitization: Absent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:46 PM