Skills
skills/garrytan/gstack/codex/Gen Agent Trust Hub

codex

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run numerous utility scripts located in ~/.claude/skills/gstack/bin/ for configuration, telemetry, and integration tasks. It also executes Git commands to modify project files like CLAUDE.md and perform automated commits.
  • [EXTERNAL_DOWNLOADS]: It suggests the installation of @openai/codex via npm and references documentation on garryslist.org.
  • [DATA_EXFILTRATION]: The skill implements telemetry and an 'Artifacts Sync' feature to move data to remote servers, both of which are gated by user consent prompts.
  • [REMOTE_CODE_EXECUTION]: The skill uses source and eval on the output of local scripts and runs an inline Python script to parse command output, representing dynamic command generation and execution.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 05:21 PM
Security Audit — agent-trust-hub — codex