Skills
skills/dnyoussef/context-cascade/codex-zdr/Gen Agent Trust Hub

codex-zdr

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill requires the use of the Bash tool and provides examples of executing a script named codex-yolo.sh with high-privilege flags like --full-auto. The 'yolo' designation often implies bypassing safety checks.
  • EXTERNAL_DOWNLOADS (HIGH): The skill references a local script file scripts/multi-model/codex-yolo.sh that is not provided in the skill package. This represents an unverified dependency with unknown behavior.
  • DATA_EXFILTRATION (MEDIUM): The 'Library-First Protocol' directs the agent to scan and 'extract' code from D:\Projects\*. This allows the agent to read potentially sensitive files across the entire drive.
  • PROMPT_INJECTION (HIGH): As a Category 8 risk, the skill processes external code files from D:\Projects\* while possessing Bash execution capabilities. It lacks boundary markers or sanitization, making it highly vulnerable to instructions embedded in the files it reads.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 07:59 AM