codex-skill-admin

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill script utilizes subprocess.Popen and subprocess.run to interact with the codex command-line utility. These calls are used to start a local application server for skill management and to check the status of skill visibility within the agent's prompt. These operations are essential to the skill's documented administrative functions and do not involve untrusted inputs.
  • [SAFE]: The skill accesses local session logs and history files located in ~/.codex/sessions to perform its usage audit. This allows it to identify which skills have been recently active. The analysis confirms that no data from these files is transmitted to external servers; all network communication is strictly limited to the loopback interface (127.0.0.1) for local JSON-RPC interaction.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 04:05 AM
Security Audit — agent-trust-hub — codex-skill-admin