model-usage
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/model_usage.py` executes the `codexbar` command using `subprocess.check_output`. The arguments are strictly validated against a predefined list of allowed values ('codex' or 'claude'), which prevents command injection vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The skill documentation references an external installation source for the required `codexbar` CLI via a public Homebrew tap. This is a transparently documented dependency required for the skill's functionality.
Audit Metadata