codex-skill

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] This skill text is primarily documentation for a CLI and does not contain directly malicious code (no obfuscation, no hardcoded secrets, no explicit exfiltration endpoints). However, it prominently documents and normalizes high-risk operational modes (danger-full-access, bypassing approvals, adding external write dirs) and encourages autonomous execution and skipping confirmations. Those features are disproportionate to many typical use-cases and create a high-risk execution path if the installed CLI or environment is untrusted. Recommendation: treat the documented 'danger-full-access' and any 'bypass approvals' flags as sensitive; avoid enabling them on untrusted machines, verify CLI binary provenance before installation, and require explicit human confirmation policies for destructive/network-capable operations. LLM verification: The document itself is not executable malware and contains no hardcoded secrets, but it considerably raises operational and supply-chain risk by normalizing broad privileges (danger-full-access, workspace-write), providing a bypass flag for safety controls, and recommending global installs without integrity checks. If the Codex CLI or dependent packages are compromised, these instructions would enable high-impact abuse (reading/exfiltrating sensitive files, installing malicious packages, executi