collaborating-with-codex

Fail

Audited by Snyk on Jun 13, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt requires capturing a returned SESSION_ID and then including that exact SESSION_ID verbatim in subsequent codex_bridge.py command invocations (as a --SESSION_ID argument), which forces the model to handle/output a session secret token directly and creates an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The script intentionally avoids strict sandboxing (no read-only mode, defaults to danger-full-access, auto-downgrades workspace-write to danger-full-access on probe failure, and exposes a --yolo bypass) while forwarding the full environment to an external "codex" CLI, which enables remote model-driven arbitrary command execution and easy exfiltration of environment secrets/data.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly defaults to a "danger-full-access" sandbox, documents a privileged fix using "sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0", and exposes an unsafe "--yolo" flag and sandbox-downgrade behavior that encourage bypassing sandboxing and making privileged system changes, which can compromise the host state.

Issues (3)

W007
HIGH

Insecure credential handling detected in skill instructions.

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 13, 2026, 05:55 PM
Issues
3
Security Audit — snyk — collaborating-with-codex