run-codex-subagents

SUSPICIOUS: the skill’s purpose and capabilities are broadly aligned, but its install trust is weak. It asks the agent to execute an unpinned npm package (`codex-worker`) whose official publisher relationship is not clearly verified by the supplied evidence, creating a meaningful supply-chain risk even though there is no clear credential theft or exfiltration behavior in the skill text itself.