skills/breezewish/skills/codex-review/Snyk

codex-review

Fail

Audited by Snyk on May 14, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

Malicious code pattern detected (high risk: 0.90). The script intentionally gives the spawned Codex agent broad, unattended privileges (sandbox: "danger-full-access", approvalPolicy: "never") and passes the repository working directory to that agent, creating a high-risk capability for remote code execution and silent data exfiltration even though no explicit exfiltration code is present.

Issues (1)

E006

CRITICAL

Malicious code pattern detected in skill scripts.

Audit Metadata

Risk Level

CRITICAL

Analyzed

May 14, 2026, 06:06 AM

Issues

1

Security Audit — snyk — codex-review