codex-supergraph
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the vendor's official @codex-data/sdk and the well-known graphql-ws library. Both are standard and expected for the skill's purpose.
- [COMMAND_EXECUTION]: Provides curl command templates for interacting with the vendor's GraphQL API. The execution is limited to the official graph.codex.io domain.
- [SAFE]: No evidence of prompt injection, unauthorized data access, or obfuscation was found. The skill correctly handles API keys as environment variables and limits network communication to the vendor's infrastructure.
Audit Metadata