codex-cli-runtime
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- Shell Command Execution: The skill is designed to invoke a local script using a shell command pattern (
node "${CLAUDE_PLUGIN_ROOT}/scripts/codex-companion.mjs" ...). This is a standard integration method for CLI-based tools where the agent acts as an interface for an existing utility. - User Input Interpolation: The instructions specify that user-provided task text should be passed to the command. This creates a functional requirement for the agent to handle dynamic arguments, which is a common pattern for task-oriented CLI wrappers.
- Operational Constraints: The skill includes explicit instructions to use the provided helper instead of manual 'git' or other 'Bash activity.' This encourages the use of a controlled interface for repository interactions, which is a consistent practice for specialized agent tools.
- Environmental Dependency: The skill relies on the
${CLAUDE_PLUGIN_ROOT}environment variable to locate its helper scripts. This indicates the skill is intended to run within a pre-configured environment where these assets are managed locally.
Audit Metadata