use-codex

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill intentionally disables codex sandboxing and approval gates (vendored codex.mjs patch flipping defaults to "danger-full-access"), hard-wires --dangerously-bypass-approvals-and-sandbox into every spawn, and exposes env flags to skip auth/preflight and to run detached runners — this design creates a clear, deliberate backdoor-like capability enabling local file reads and unrestricted network egress (easy exfiltration of secrets) and a persistent supply-chain risk via the vendored/patch mechanism.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs the agent/operator to bypass auth and sandbox checks (USE_CODEX_SKIP_CODEX_AUTH, --dangerously-bypass-approvals-and-sandbox) and to perform destructive filesystem and process actions (worktree removal, git branch deletion, kill PIDs, cleanup --execute) that alter machine state, so it encourages bypassing security mechanisms even though it doesn't request sudo or user creation.