codex-skill

SUSPICIOUS: The skill is broadly aligned with its stated purpose of orchestrating Codex for coding tasks, and the install paths appear normal. However, it materially increases risk by promoting approval bypass, long-running autonomous execution, automatic git push/PR actions, and sending diffs to external model tooling. This looks like a powerful automation skill rather than malware, but its operational scope is high-risk for an AI agent.