codex-image
Fail
Audited by Snyk on Jun 27, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill requires reading the user's access token from ~/.codex/auth.json and using it verbatim in HTTP requests/headers (and may display it via status), so the LLM must handle and embed secret credential values directly.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This code intentionally impersonates the official Codex CLI and reuses local ChatGPT OAuth credentials (~/.codex/auth.json) to stealthily consume the user's ChatGPT subscription quota for image generation, a deliberate deception/abuse of authentication and service fingerprints that can be used to misuse an account and upload user images to external APIs.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
E006
CRITICALMalicious code pattern detected in skill scripts.
Audit Metadata