codexmcp-claude-codex-collaboration

Fail

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation instructions direct the user to fetch and execute code directly from an untrusted Git repository (github.com/GuDaStudio/codexmcp.git) using the uvx tool.
  • [EXTERNAL_DOWNLOADS]: The skill fetches the uv package manager from astral.sh. While Astral is a well-known service, the subsequent use of uvx to run unverified code from GitHub presents a significant supply-chain risk.
  • [PROMPT_INJECTION]: The 'Recommended Claude Code System Prompt' contains mandatory instructions that override the agent's autonomous behavior, forcing it to route all implementation tasks through the external Codex tool ('At any time, you must consider how to collaborate with Codex...').
  • [COMMAND_EXECUTION]: The tool includes parameters like yolo=True (to run all commands without approval) and sandbox="danger-full-access", which are designed to bypass standard AI safety constraints and security boundaries.
  • [PRIVILEGE_ESCALATION]: The skill explicitly guides users to modify their local configuration (~/.claude/settings.json) to 'auto-approve MCP interactions', effectively removing the human-in-the-loop security control for this third-party tool.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 17, 2026, 08:21 AM