codex-skill
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill extensively uses exec() and tmux send-keys to manage system processes, worktrees, and long-running background sessions.
- [EXTERNAL_DOWNLOADS]: The workflow involves running package managers (npm, pnpm, pip, go) to install dependencies from repositories, which may fetch and execute unverified third-party code.
- [REMOTE_CODE_EXECUTION]: The instructions mandate the use of the --dangerously-bypass-approvals-and-sandbox flag. This configuration allows the Codex CLI to execute AI-generated code on the host system without human approval or isolation, posing a risk of arbitrary code execution.
- [COMMAND_EXECUTION]: The 'Adaptive Timeout' strategy allows processes to run for up to 12 hours without user intervention, which can be leveraged to maintain persistence or perform extensive background operations.
- [COMMAND_EXECUTION]: The skill creates and manages a local JSON registry (active-tasks.json) to track state, which involves reading and writing to the filesystem using jq.
Audit Metadata