omega-codex-cli
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill ensures availability of the Codex CLI by attempting to fetch the official `@openai/codex` package from the NPM registry using `npx` if the local binary is not found.
- [COMMAND_EXECUTION]: Core functionality is implemented using `child_process.spawn` with explicit argument arrays and `shell: false`, which effectively prevents shell injection vulnerabilities. It also manages process lifecycles on Windows using `taskkill` for timeout enforcement.
- [DATA_EXFILTRATION]: The skill transmits prompt data and code context to OpenAI's API. This is the intended primary purpose of the tool, though it constitutes data egress to a third-party service.