omega-codex-cli

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill spawns "npx -y @openai/codex" (and advertises "npm install -g @openai/codex") at runtime, which will fetch and execute remote npm package code to provide the Codex CLI that runs the provided prompts, so remote code is retrieved and executed during skill runtime.