offload

This is primarily an orchestrator/launcher for codex. It shows no clear standalone malware indicators (no network activity, no exfiltration routines, no persistence/backdoors). The main supply-chain security concern is intentional execution with --dangerously-bypass-approvals-and-sandbox and direct injection of the entire BLOCK file contents into codex inputs (tmux/Terminal/headless). If BLOCK or REPO can be influenced by an attacker, this wrapper materially increases the likelihood of high-impact actions by codex. If inputs are fully trusted, risk is lower but still nontrivial due to the bypass flag.