update-codex

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches update metadata and application artifacts from OpenAI's official distribution domain (persistent.oaistatic.com). This behavior is consistent with the skill's primary purpose of keeping the local port synchronized with upstream releases.
  • [COMMAND_EXECUTION]: Executes several local maintenance and build scripts, including assemble-codex-runtime.mjs, refresh-recovered-from-dmg.mjs, and build-codex-linux-runtime.mjs. These scripts are used to unpack artifacts and apply Linux-specific compatibility patches.
  • [COMMAND_EXECUTION]: Performs software installation tasks such as writing files to ~/.local/opt/codex-desktop/ and managing desktop integration files in ~/.local/share/applications/ and ~/.config/autostart/.
  • [COMMAND_EXECUTION]: Manages release workflows using standard Git and NPM commands (npm test, git push, git tag) to publish updated Linux artifacts when requested by the user.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 02:00 PM
Security Audit — agent-trust-hub — update-codex