chatgpt-codex-onboarding

Pass

Audited by Gen Agent Trust Hub on May 30, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses script-mode delivery, necessitating the execution of Python code in a shell environment for authentication tasks.
  • [SAFE]: The implementation follows secure patterns for OAuth 2.0 device flows. Temporary state files are protected with owner-only (0600) permissions, and the system relies on platform-provided modules for secure credential handling.
  • [SAFE]: While the skill contains aspirational metadata mentioning unreleased models like 'GPT-5', this does not present a security risk to the user or the environment.
  • [SAFE]: An indirect prompt injection surface is noted where the skill returns strings to be processed by the agent.
  • Ingestion points: Instructions in the 'start' and 'poll' functions in exports.py.
  • Boundary markers: None explicitly implemented.
  • Capability inventory: File writes to workspace, local network requests, and shell execution in exports.py.
  • Sanitization: Content is primarily derived from static instruction templates.
Audit Metadata
Risk Level
SAFE
Analyzed
May 30, 2026, 12:38 AM
Security Audit — agent-trust-hub — chatgpt-codex-onboarding