cc-codex-spec-bootstrap

Warn

Audited by Socket on Mar 13, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS: the skill’s purpose and capabilities mostly align, but it materially broadens trust by chaining multiple external CLIs/MCP servers and delegating work to Codex agents. Main concerns are transitive tool trust and prompt-injection risk from analyzing untrusted repo content while retaining file-write capability; there is no clear evidence of credential theft, covert behavior, or malicious exfiltration.

Confidence: 82%
Severity: 61%

Audit Metadata

Analyzed At: Mar 13, 2026, 10:02 AM
Package URL: pkg:socket/skills-sh/mindfold-ai%2FTrellis%2Fcc-codex-spec-bootstrap%2F@fe403e7fa1c0579a7681973b9c5a6fa3edd5e3b6