Skills
skills/odrobnik/codex-quota-skill/codex-quota/Gen Agent Trust Hub

codex-quota

Fail

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill accesses and modifies the ~/.codex/auth.json file, which contains authentication credentials for the OpenAI Codex service. It temporarily overwrites this file to iterate through multiple accounts.
  • Evidence: Found in codex-quota.py within functions get_active_account(), switch_account(), and update_all_accounts().
  • [COMMAND_EXECUTION]: The script executes the external codex CLI tool using the subprocess module to refresh rate limit data.
  • Evidence: subprocess.run(["codex", "exec", ...]) in the ping_codex() function in codex-quota.py.
  • [DATA_EXFILTRATION]: The skill writes account-level quota data and account names to /tmp/codex-quota-all.json. On many systems, the /tmp directory is world-readable, meaning this sensitive summary could be accessed by other users on the same machine.
  • Evidence: Found in codex-quota.py in the update_all_accounts() function.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes session logs generated from external API responses.
  • Ingestion points: Reads .jsonl files from ~/.codex/sessions/ in extract_rate_limits().
  • Boundary markers: Absent. The script parses the files as JSON without verifying the content source or using delimiters.
  • Capability inventory: Capability to read/write authentication files and execute system commands via the codex CLI.
  • Sanitization: Absent. The script assumes the validity of the JSON structure and contents within the log files.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 18, 2026, 07:00 AM