codex-orchestrator

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This content deliberately instructs bypassing sandboxing and approval controls, automating stdin injection (including sudo passwords and OTPs via mailbox access), and running arbitrary commands—patterns that enable remote code execution, credential theft, and data exfiltration if abused.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs running global installs and delegating file/command execution to Codex and even recommends using dangerous flags to bypass sandboxing/approvals (e.g. --dangerously-bypass-approvals-and-sandbox and sandbox_mode="danger-full-access"), which directs the agent to circumvent security controls and modify system state.