building-codex-hooks
Fail
Audited by Snyk on Jul 6, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The hook framework itself is not inherently malicious but it explicitly allows running repo- and user-supplied scripts (including resolving and executing repo-local scripts via git paths and arbitrary commands), exposes sensitive inputs (prompts, transcripts, cwd), and supports wrappers that can run any CLI — creating clear supply-chain, backdoor, and data-exfiltration risks if untrusted or tampered hooks are present.
Issues (1)
E006
CRITICALMalicious code pattern detected in skill scripts.
Audit Metadata