codex-configuration
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM | COMMAND_EXECUTION | REMOTE_CODE_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill documents configurations that allow an agent to bypass security controls, specifically 'sandbox_mode = "danger-full-access"' and 'shell_environment_policy.inherit=all'. These settings can expose sensitive host environment variables and grant unrestricted disk access to the agent.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The instructions for configuring MCP servers promote the use of 'npx -y' to fetch and run remote packages. This enables arbitrary code execution at runtime based on the package name provided in the configuration.
- [EXTERNAL_DOWNLOADS] (LOW): The skill references a built-in '$skill-installer' tool for downloading skills from GitHub. While standard for this tool, it highlights a vector for introducing unvetted external code into the runtime environment.