oracle
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `@openai/codex` package via npm (`npm i -g @openai/codex`). This is a well-known package from a trusted service provider (OpenAI).
- [COMMAND_EXECUTION]: The skill executes a local Python script (`scripts/codex-oracle.py`) which in turn invokes the `codex` CLI tool via `subprocess.run`. This is the primary intended functionality of the skill for performing code analysis.
- [DATA_EXFILTRATION]: While the script reads local files to provide context to the Codex CLI, it does so within the context of a requested analysis. The output is directed to a temporary file for the user to review. There is no evidence of unauthorized data transmission to unknown third parties.
Audit Metadata