codex-image
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill manages ChatGPT session tokens by reading from and writing to the
~/.codex/auth.jsonfile. This allows for session persistence and reuse across sessions without requiring a standard API key.\n- [EXTERNAL_DOWNLOADS]: The skill utilizes well-known Python dependencies such asrequests,httpx,pyjwt, andpillowfor its network communication, token validation, and image processing tasks.\n- [SAFE]: All identified network activity, including OAuth flows and image generation API calls, is directed toward official OpenAI domains (auth.openai.comandchatgpt.com), ensuring that sensitive authentication data remains within the intended service provider's infrastructure.
Audit Metadata