codex-plugin-claude-code

Warn

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes JavaScript examples that utilize child_process.execSync to run shell commands.
  • [COMMAND_EXECUTION]: The delegateToCodex function in the provided code examples is vulnerable to shell command injection. It interpolates the task variable directly into a command string without sanitization, which could allow an attacker to execute arbitrary commands if the task description contains shell metacharacters.
  • [COMMAND_EXECUTION]: The skill uses dynamic context injection (!codex login) to execute a shell command when the skill is loaded.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the @openai/codex package from the npm registry and adds a plugin marketplace from OpenAI's GitHub organization.
  • [REMOTE_CODE_EXECUTION]: The skill triggers the execution of the codex CLI, which sends local source code to OpenAI's remote infrastructure for processing.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface. It ingests untrusted code and task descriptions for processing. While it provides powerful capabilities to execute commands via the Codex CLI, the provided examples lack boundary markers or sanitization logic to prevent malicious instructions within the processed data from influencing agent behavior.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 19, 2026, 12:56 AM