codex-delegate

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local commands using the node:child_process module within its relay.mjs script. It runs codex --version to verify the installation, git status --porcelain to identify changed files, and codex exec (or codex exec resume) to process coding tasks. These operations are performed using spawn and execFileSync with explicitly constructed argument arrays, which prevents shell-based command injection.
  • [EXTERNAL_DOWNLOADS]: The documentation instructs the agent to ensure the @openai/codex package is installed via npm (npm i -g @openai/codex). This is a standard dependency installation from a well-known service provider and is essential for the skill's stated purpose of delegating work to the Codex CLI.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 15, 2026, 03:52 PM