codex-cli
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill uses shell command substitution (e.g., `$(npm run build)`) to gather context for tasks. This is a dangerous pattern because it executes scripts defined within the local project environment; an attacker who can modify those scripts can execute malicious code on the host system.
- COMMAND_EXECUTION (MEDIUM): The orchestrator frequently uses the `--full-auto` flag, enabling the CLI tool to modify the local filesystem without manual verification or a confirmation step for each change.
- DATA_EXFILTRATION (MEDIUM): The skill is designed to collect local source code (via `cat`) and build error logs and send them to the OpenAI Codex API. While this is the intended functionality, it creates a pipeline for bulk exfiltration of potentially sensitive local code to a third-party service.
Recommendations
- AI detected serious security threats
Audit Metadata