codex-cli-runtime

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly forwards the user's raw arguments into a single CLI invocation (and returns stdout verbatim), so if those arguments or the tool output contain API keys/passwords/cookies the agent will have to include and emit them verbatim, creating an exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (low risk: 0.30). The skill forwards user tasks to a write-capable Codex runtime (defaults to --write) and thus could be used to perform changes on the host if the user requests them, but it does not itself request sudo, instruct state-changing system operations (create users, edit system configs), or encourage privilege escalation—so it is potentially risky but not explicitly malicious.