subagent-driven-codex

Warn

Audited by Socket on Jun 24, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill's behavior is largely aligned with its stated orchestration purpose, but it materially increases risk by delegating code and plan context to an external Codex bridge, granting broad write access to autonomous reviewer sessions, and depending on another skill as a trust boundary. This looks like a risky external-agent workflow rather than malware.

Confidence: 84%Severity: 61%
Audit Metadata
Analyzed At
Jun 24, 2026, 01:49 AM
Package URL
pkg:socket/skills-sh/SipengXie2024%2Fsuperpower-planning%2Fsubagent-driven-codex%2F@bab94ebeb54ea665ab092895f709a96f1833e73f75596da56466b5fcd2f3c4c3
Security Audit — socket — subagent-driven-codex