codex-orange-book-guide

SUSPICIOUS: the skill is mostly a documentation/reference guide, but it contains notable trust and scope issues. The largest concerns are inaccurate OpenAI install details, transitive installation of third-party skills from URLs, and credential forwarding into external MCP tooling. Not confirmed malware, but higher-risk than a normal product guide.