skills/khanglvm/skills/codex-cli/Gen Agent Trust Hub

codex-cli

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the @openai/codex package using the NPM package manager. As the package is associated with a trusted organization (OpenAI), this is documented as a standard installation procedure.
  • [REMOTE_CODE_EXECUTION]: The documentation includes examples of running MCP servers using the npx utility with the @upstash/context7-mcp package. Upstash is recognized as a well-known service provider, and this usage is consistent with its intended purpose.
  • [COMMAND_EXECUTION]: The skill defines various CLI commands for operating the Codex tool, including codex exec for non-interactive task execution and commands for managing MCP servers.
  • [SAFE]: The skill contains explicit security sections that advise on the protection of authentication credentials, the use of least-privilege sandbox modes, and the hardening of shell environment policies to prevent secret leakage.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 05:28 AM