run-codex-2

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This skill intentionally weakens sandbox and auth protections (hard-wiring --dangerously-bypass-approvals-and-sandbox, providing env bypass knobs, and applying a vendored patch that flips upstream defaults to "danger-full-access"), and it explicitly scripts linking .env files into worktrees and running detached agents with full network/filesystem access — not an immediate payload but a deliberate, high-risk capability that functions as a powerful backdoor/supply-chain escalation enabling data exfiltration or remote actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs the agent to bypass authentication and sandboxing (e.g. USE_CODEX_SKIP_CODEX_AUTH=1 and --dangerously-bypass-approvals-and-sandbox) and describes destructive filesystem/git/process actions (worktree removal, branch deletion, kill PID) — even if gated — so it encourages bypassing security mechanisms and altering machine state.