model-usage
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/model_usage.pyinvokes thecodexbarCLI usingsubprocess.check_output(). The implementation is secure as it uses a fixed argument list and validates user-supplied input against a strict list of allowed options, preventing command injection. - [EXTERNAL_DOWNLOADS]: The skill's metadata includes installation instructions for the
codexbartool via a public Homebrew tap. This is an expected external dependency required for the skill's primary functionality. - [SAFE]: No malicious patterns such as data exfiltration, hardcoded credentials, or prompt injection were detected. The skill's operations are confined to processing local usage logs as described in its documentation.
Audit Metadata