codex-cli-review

Fail

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/review.sh uses eval to execute a command string constructed from user-supplied arguments, including --title, --base, and --prompt. An attacker who supplies input containing shell metacharacters or command substitution sequences (e.g., $(...)) can execute arbitrary commands on the host system.
  • [DATA_EXFILTRATION]: The skill configuration explicitly requests disk-full-read-access permissions. While this is aligned with the skill's stated purpose of codebase review, the combination of full disk access with a command injection vulnerability creates a critical path for an attacker to read and exfiltrate sensitive files, environment variables, and credentials from the host machine.
  • [EXTERNAL_DOWNLOADS]: The skill requires and recommends the installation of the @openai/codex CLI package from the public NPM registry. While OpenAI is recognized as a well-known organization, the use of external execution tools increases the skill's overall attack surface.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 27, 2026, 01:12 AM