codex-review
Warn
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill exhibits conflicting provenance information across its documentation and metadata. While the metadata points to repositories under 'antigravity' and 'sickn33', the installation guide directs users to 'BenedictKing/codex-review'. This inconsistency is a security concern as it suggests the code is fetched from an unverified third-party source.
- [COMMAND_EXECUTION]: The skill instructions prompt users to execute shell commands ('npx skills add') that download and install software from an external repository.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of 'Codex CLI', an external dependency that is not provided by a trusted vendor, potentially leading to the execution of unverified third-party software.
Audit Metadata