coding-agent

Fail

Audited by Snyk on Jun 23, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The document repeatedly instructs bypassing sandboxing and permission controls (e.g., --yolo, --dangerously-skip-permissions, --permission-mode bypassPermissions), allows host-elevated execution and background PTY sessions, and adds instructions for automated remote callbacks — patterns that enable remote code execution and covert data exfiltration even though no explicit payload is included.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill runs git clone at runtime (git clone https://github.com/user/repo.git $REVIEW_DIR) to fetch a remote repository that the coding agent (codex) will operate on and use as its workspace, meaning external content is injected into the agent's runtime context and can directly influence its behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). This prompt explicitly instructs agents to bypass sandboxing and permission checks (e.g. --yolo, --permission-mode bypassPermissions, --dangerously-skip-permissions) and exposes an "elevated" host execution mode, encouraging operation outside safe confines and risking compromise of the machine state.

Issues (3)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 23, 2026, 06:05 AM
Issues
3
Security Audit — snyk — coding-agent