codex-skill
Fail
Audited by Socket on Jun 23, 2026
1 alert found:
MalwareMalwareSKILL.md
HIGHMalwareHIGH
SKILL.md
The Codex Agent Skill fragment describes a highly capable automation workflow enabling autonomous code changes, dependency installations, and PR-based delivery with strong operational autonomy. While this supports hands-off task execution, the explicit use of security-bypassing flags and automation-heavy patterns introduce non-trivial supply-chain and runtime risks. Data flows include code changes, dependency installation, repository state mutations, and PR propagation, with potential leakage through logs or prompts. Treat as SUSPICIOUS with elevated risk; enforce per-action prompts, sandboxing, restricted network access, and strict secret handling before deployment in real-world environments.
Confidence: 95%Severity: 90%
Audit Metadata