building-codex-hooks

Fail

Audited by Snyk on Jul 6, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The hook framework itself is not inherently malicious but it explicitly allows running repo- and user-supplied scripts (including resolving and executing repo-local scripts via git paths and arbitrary commands), exposes sensitive inputs (prompts, transcripts, cwd), and supports wrappers that can run any CLI — creating clear supply-chain, backdoor, and data-exfiltration risks if untrusted or tampered hooks are present.

Issues (1)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 6, 2026, 05:19 AM
Issues
1
Security Audit — snyk — building-codex-hooks