Analysis updated 2026-05-18
Run a pre-launch security checklist over a codebase to catch exposed API keys and broken access controls.
Analyze an authorized CTF challenge environment with a structured Codex workflow.
Write up a report on an AI specific vulnerability such as prompt injection in an agent system.
| ypyik0669/ctf-codex | ophircloud/fast-kubernetes | zhanyuyue7-dotcom/codex-computer-use | |
|---|---|---|---|
| Stars | 13 | 13 | 13 |
| Language | PowerShell | PowerShell | PowerShell |
| Setup difficulty | moderate | moderate | easy |
| Complexity | 3/5 | 2/5 | 2/5 |
| Audience | developer | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires copying files into Codex configuration directories and restarting Codex, using a shell or PowerShell install script.
This is a security audit skill for the Codex CLI, which is an AI coding assistant. The README is written in Chinese. The skill extends Codex with structured workflows for finding security problems in code and systems. It is intended only for use on systems you own, maintain, or have been explicitly authorized to test, including Capture the Flag competitions. The skill has three modes. The first, called release-audit, is a pre-launch security checklist that looks for real problems that could cause immediate harm, such as API keys accidentally bundled into front-end code, payment amounts controlled by the client instead of the server, broken access controls that let one user read another user's data, webhooks without signature verification, and similar issues. The second mode, called ctf, is for analyzing challenge environments in authorized security competitions. The third mode, called safety-bounty, is for organizing and writing up reports about AI-specific security vulnerabilities such as prompt injection or tool-boundary failures in agent systems. When run in release-audit mode, Codex outputs a structured report for each finding that includes what was found, how severe it is, where the evidence is in the code, what the real-world impact would be, how to fix it, how to verify the fix, and whether the project should be blocked from shipping. Severity levels range from BLOCKER, meaning do not launch, down through HIGH and MEDIUM to INFO. Installing the skill copies several files into Codex configuration directories on your machine. On Windows you run a PowerShell install script, on macOS and Linux you run a shell script. After restarting Codex, you call the skill with a command like $ctf followed by the mode name, a path to the project to audit, and the platform type such as web, api, mobile, or desktop. The repository also includes copyable prompt templates for defenders who want to ask Codex to review input validation or check for SQL injection without installing the full skill.
A security audit skill for the Codex AI coding assistant that runs structured checks for launch blocking bugs, CTF challenges, and AI safety issues.
Mainly PowerShell. The stack also includes PowerShell, Codex CLI.
No license information is given in the README.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.