opencode-openai-codex-auth
Fail
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructions direct the agent to run
npx -y opencode-openai-codex-auth@latest. This command downloads a package from the NPM registry and executes it immediately without verification. The package is provided by an unverified third-party author, which represents a high-risk remote code execution pattern. - [EXTERNAL_DOWNLOADS]: The skill provides instructions to download code from a personal GitHub repository (
numman-ali/opencode-openai-codex-auth) for manual installation, which is not a verified or trusted source. - [PROMPT_INJECTION]: The skill metadata and description contain deceptive claims about providing access to "GPT-5.x" and "GPT-5.2 Codex" models. As these models have not been released by OpenAI, these claims constitute metadata poisoning intended to misrepresent the skill's capabilities and encourage the installation of potentially malicious software.
- [DATA_EXFILTRATION]: The skill documentation highlights the storage and usage of sensitive authentication files located at
~/.opencode/auth/session.jsonand references theOPENAI_SESSION_TOKEN. The combination of targeting these credentials and executing unverified remote code creates a significant risk of session theft.
Recommendations
- AI detected serious security threats
Audit Metadata