Skills
skills/everyinc/every-marketplace/ce-work-beta/Gen Agent Trust Hub

ce-work-beta

Warn

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of system commands, including a complex git resolution chain to find the repository root and retrieve configuration from .compound-engineering/config.local.yaml.
  • [COMMAND_EXECUTION]: The delegation workflow executes the codex CLI tool. When configured for 'yolo' mode, it uses the --dangerously-bypass-approvals-and-sandbox flag, which provides the tool with full system access and network connectivity to perform automated code changes and verification.
  • [REMOTE_CODE_EXECUTION]: The skill's primary 'beta' feature is the delegation of code implementation to an external model via the codex exec command. This pattern involves executing code generated or provided by a remote service directly on the user's system.
  • [EXTERNAL_DOWNLOADS]: The skill mentions and encourages the installation of the @openai/codex package from the NPM registry as a prerequisite for its delegation features.
  • [DYNAMIC_CONTEXT_INJECTION]: SKILL.md and the delegation reference file use the ! syntax to execute shell logic during the skill loading process. These commands are used to dynamically resolve file paths and check for the presence of the codex binary on the system path.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 1, 2026, 06:31 PM
Security Audit — agent-trust-hub — ce-work-beta