product-analysis
Fail
Audited by Snyk on Jun 24, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The skill explicitly orchestrates autonomous execution of an external Codex CLI with "full filesystem access" and flags like --full-auto / --dangerously-bypass-approvals-and-sandbox, launches background processes with filesystem and network-capable tools (and silent fallback behavior), and delegates to a competitor-analysis skill that clones repos — collectively creating strong potential for remote code execution, sandbox/safety bypass, and data exfiltration of project files or secrets.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly encourages running Codex CLI with autonomous flags including "--dangerously-bypass-approvals-and-sandbox" and notes Codex has "full filesystem access," which directs the agent to bypass security/sandboxing and enables unrestricted modifications to the host state.
Issues (2)
CRITICAL E006: Malicious code pattern detected in skill scripts.
MEDIUM W013: Attempt to modify system services in skill instructions.
Audit Metadata