Skills
skills/aradotso/codex-skills/codex2api-reverse-proxy/Gen Agent Trust Hub

codex2api-reverse-proxy

Fail

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads source code from an external repository (https://github.com/james-6-23/codex2api.git). This repository is not part of the trusted vendors list or the author's (Aradotso) known infrastructure.
  • [REMOTE_CODE_EXECUTION]: Instructions guide the agent to execute the downloaded code locally using commands such as go run . and npm run dev, which runs arbitrary external logic.
  • [COMMAND_EXECUTION]: The skill utilizes several shell commands to manage the environment, including git clone, docker compose, npm ci, and go run, allowing for extensive system interaction with external content.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 16, 2026, 10:49 PM