codex-skill

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill documentation explicitly exposes and normalizes powerful capabilities—danger-full-access mode (network + full filesystem + system operations), flags to bypass sandboxing and approvals, workspace-write and external directory writes, and resume/skip checks—which collectively create clear and easily-abusable vectors for data exfiltration, remote code execution, credential theft, and supply-chain or persistence attacks, even though it does not contain a hardcoded payload.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly provides and encourages use of "danger-full-access" and a "--dangerously-bypass-approvals-and-sandbox" flag, and describes system-level operations, network access, and access to all files—actions that directly enable bypassing sandboxing and modifying the host system.