skill-codex-delegation
Fail
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install a 'Codex CLI' from unverified sources and instructs the agent to clone a repository from an untrusted GitHub organization (github.com/skills-directory/skill-codex.git).
- [REMOTE_CODE_EXECUTION]: The skill is designed to delegate complex coding tasks to an external execution environment. It specifically promotes the use of the --full-auto flag, which enables autonomous task completion and code execution without human-in-the-loop review.
- [COMMAND_EXECUTION]: The instructions encourage the use of the --sandbox off flag, which explicitly disables execution isolation and grants the external process full access to the host file system.
- [PROMPT_INJECTION]: While not a direct exploit, the skill defines autonomous triggers that allow an external tool to take control of the agent's workflow based on natural language commands, which could be exploited through malicious project files.
- [DATA_EXFILTRATION]: The skill requires the user to set sensitive credentials (OPENAI_API_KEY) in the environment. These credentials are then passed to an unverified external CLI tool, creating a risk of credential theft.
Recommendations
- AI detected serious security threats
Audit Metadata