Security audit

Codex Deepsearch

Security checks across malware telemetry and agentic risk

Overview

The flagged instruction appears to be a user-directed editing workflow, not hidden self-modification or unsafe persistence.

Before installing, understand that this skill may help an agent inspect local repository files and make user-requested documentation or skill-file edits. Use it when you are comfortable granting that local workspace authority, and keep edits directed to an explicit project or research directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Self-Modification

Severity: High
Category: Rogue Agent
Content:
- Treat `AGENTS.md` and repo docs as maps and constraints, not as proof of external facts.
- Prefer `rg`, `sed`, `git status`, and `git diff` for local inspection.
- Use `apply_patch` for manual edits when the user explicitly asks to create research artifacts or update skill files.
- Do not default to writing inside a project repository. Ask or use an explicitly authorized research directory.
- Do not commit, stage, or push unless the user explicitly asks.
- If Python is needed, use `uv` or an existing project/skill validation command; do not modify system Python.
Confidence: 85%
Finding: update skill

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.