sync-codex
Pass
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The orchestrator script 'run-codex-sync.mjs' utilizes the 'node:child_process' module to spawn multiple subprocesses that execute external Node.js scripts located in the '.claude/scripts/codex/' directory.
- [PROMPT_INJECTION]: The skill instructions in 'SKILL.md' include explicit directives to 'Ignore Claude-specific mode-switch instructions' and enforce a 'Strict execution contract', which are techniques used to override standard agent platform constraints.
- [NO_CODE]: The primary logic for key stages of the pipeline, such as migration, hook synchronization, and context regeneration, is defined in external '.mjs' scripts that are not included in the skill's source files.
- [COMMAND_EXECUTION]: The tool dynamically discovers and executes unit test files (ending in '.test.mjs') from the local filesystem at runtime using directory listing and the 'node --test' runner.
Audit Metadata