codex
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses bash commands in its Preamble and Telemetry sections to manage local state, verify the presence of dependencies, and log operational telemetry to the user's home directory.
- [EXTERNAL_DOWNLOADS]: Recommended installation of the
@openai/codexCLI from the official NPM registry is documented for users who do not have the dependency present. - [DATA_EXFILTRATION]: Provides optional telemetry and artifact synchronization features (e.g., to private GitHub repositories). These are clearly presented as user choices through interactive prompts and require explicit opt-in for sensitive syncing.
- [REMOTE_CODE_EXECUTION]: Passes repository context such as git diffs and plan files to the external Codex AI. The skill includes a 'Filesystem Boundary' instruction to prevent the external AI from processing or modifying agent-specific configuration and skill files.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted project data through an external AI model. It includes explicit scoping instructions to the AI to ignore potential instructions within system-level directories and focus solely on the codebase.
Audit Metadata