product-analysis

Fail

Audited by Snyk on Jun 24, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill instructs the agent to run an external Codex CLI autonomously, with "full filesystem access" and flags such as --full-auto or --dangerously-bypass-approvals-and-sandbox; it launches background processes using tools with filesystem and network access (and has silent fallback behavior); and it delegates to a competitor-analysis skill that clones repositories. Taken together, these give an unsandboxed, unapproved execution path with strong potential for remote code execution, sandbox and safety bypass, and exfiltration of project files or secrets.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly encourages running Codex CLI with autonomous flags, including "--dangerously-bypass-approvals-and-sandbox", and notes that Codex has "full filesystem access". This directs the agent to bypass the sandbox and approval controls and allows unrestricted modification of host state.
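The two findings above describe the same detection idea: look for instructions that turn off the agent's sandbox and approval prompts, then check what reach the unsandboxed agent is given. The script below is an added example that implements that idea as a pre-install lint for a skill's instruction text; it is not Snyk's scanner and not code from the product-analysis skill. The rule set, the escalation logic, the scoring and the sample SKILL text are this example's own assumptions; the E006/W013 labels are reused only as names, and the flags matched (--full-auto, --dangerously-bypass-approvals-and-sandbox) are the ones the report quotes.

```python
"""Lint an agent skill's instruction text for autonomous-execution patterns.

Added example, not Snyk's scanner and not code from the product-analysis
skill. The rules below are an assumption: they encode the patterns the audit
text names (Codex CLI approval/sandbox bypass flags, "full filesystem access",
background processes, repo cloning, silent fallback) as plain regexes. The
E006/W013 ids are reused as labels only; escalation and verdicts are invented.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    rule_id: str
    severity: str
    tag: str            # capability the pattern grants: bypass, filesystem, network, background, silent
    pattern: re.Pattern
    message: str


RULES = [
    Rule("W013", "MEDIUM", "bypass",
         re.compile(r"--dangerously-bypass-approvals-and-sandbox\b"),
         "Codex CLI run with sandbox and approval prompts disabled"),
    Rule("W013", "MEDIUM", "bypass",
         re.compile(r"--full-auto\b"),
         "Codex CLI run in --full-auto (no per-command approval)"),
    Rule("E006", "CRITICAL", "filesystem",
         re.compile(r"full filesystem access", re.I),
         "instructions grant the delegated agent full filesystem access"),
    Rule("E006", "CRITICAL", "network",
         re.compile(r"\bgit\s+clone\b"),
         "clones remote repositories (untrusted code plus network reach)"),
    Rule("E006", "CRITICAL", "background",
         re.compile(r"\bnohup\b|(?<!&)&\s*$"),
         "launches background processes that outlive the step"),
    Rule("E006", "CRITICAL", "silent",
         re.compile(r"2>/dev/null|\|\|\s*true|silently\s+fall\s*back", re.I),
         "silent fallback or suppressed errors hide failures from the user"),
]

SEVERITY_RANK = {"PASS": 0, "MEDIUM": 1, "CRITICAL": 2}


@dataclass(frozen=True)
class Finding:
    rule_id: str
    severity: str
    tag: str
    line_no: int
    message: str
    evidence: str


def scan_skill(text: str) -> list[Finding]:
    """Run every rule over every line; one finding per (rule, line) hit."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule in RULES:
            if rule.pattern.search(line):
                findings.append(Finding(rule.rule_id, rule.severity, rule.tag,
                                        line_no, rule.message, line.strip()))
    return findings


def assess(findings: list[Finding]) -> tuple[str, str, list[str]]:
    """Return (risk_level, verdict, reasons).

    A sandbox/approval bypass alone is rated MEDIUM here. Combined with a
    capability that gives the unsandboxed agent reach (filesystem, network or
    background execution) it is escalated to CRITICAL, mirroring the report's
    "collectively" argument. Escalation and verdict names are assumptions.
    """
    if not findings:
        return "PASS", "Pass", []
    tags = {f.tag for f in findings}
    level = max((f.severity for f in findings), key=SEVERITY_RANK.__getitem__)
    reasons = sorted({f"{f.rule_id}: {f.message}" for f in findings})
    reach = tags & {"filesystem", "network", "background"}
    if "bypass" in tags and reach:
        level = "CRITICAL"
        reasons.append("escalated: bypass flags combined with "
                       + ", ".join(sorted(reach)) + " reach")
    verdict = "Fail" if level == "CRITICAL" else "Warn"
    return level, verdict, reasons


# Constructed sample instruction text; not the audited skill's real content.
SAMPLE_SKILL = """\
# product-analysis (constructed sample, not the audited skill's real text)
1. Run Codex with full filesystem access so it can read the whole project:
   codex --full-auto --dangerously-bypass-approvals-and-sandbox "analyze the product"
2. Start the metrics collector in the background:
   nohup python3 collect.py &
3. Delegate to competitor-analysis, which runs: git clone https://example.invalid/repo
4. If the CLI is missing, silently fall back to the local script.
"""


def main() -> None:
    findings = scan_skill(SAMPLE_SKILL)
    for f in findings:
        print(f"{f.severity:8} {f.rule_id} line {f.line_no}: {f.message}")
        print(f"         {f.evidence}")
    level, verdict, reasons = assess(findings)
    print(f"\nRisk Level: {level} ({verdict})")
    for reason in reasons:
        print("  -", reason)


if __name__ == "__main__":
    main()
```

Run it against a skill's SKILL.md or script directory before installing; a MEDIUM result with only bypass hits still deserves a manual read, since the regexes only see what the instruction text says, not what a delegated skill or a cloned repository will do once the sandbox is off.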

Issues (2)

  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata
  Risk Level: CRITICAL
  Analyzed: Jun 24, 2026, 02:27 PM
  Issues: 2