codex

This skill is a procedural guide for operating the Codex CLI rather than application source code. It does not contain explicit malware (no hardcoded C2 domains, reverse shells, or base64 payloads). However, it normalizes high-risk operational behaviors: always using --skip-git-repo-check, default suppression of stderr (2>/dev/null), and permissive sandbox modes including `danger-full-access` and `--full-auto`. The resume via piped stdin allows arbitrary future prompts to run under the session's prior privileges. These patterns together create a meaningful supply-chain and operational risk: an attacker or misconfigured automation could leverage resumed sessions or elevated sandboxes to read/write files, exfiltrate secrets, or run arbitrary commands without clear user-visible logs. Recommend treating the skill as suspicious: require explicit per-action confirmations for high-impact flags, avoid recommending stderr suppression by default, add guidance to never place secrets in prompts or piped input, and verify the codex CLI binary source/checksums before use.