application security (OWASP
STRIDE threat modeling) and code architecture
Agent skill for codex-first
Claude Code sessions only. Codex/other harnesses: skip; never self-delegate.
Rationale: Claude (Fable/Opus) tokens metered + expensive; Codex flat-rate. GPT-5.5+ is usually the better and faster model at writing/implementing code; Claude wins at ergonomics — judgment, design, spec-writing, review, orchestration. So Codex types, Claude thinks and verifies.
Delegate to Codex (default for hands-on work):
Keep in Claude:
Mixed task: Claude designs first, freezes spec, delegates build-out.
Heuristic: prompt reads as a work order → delegate; writing it forces decisions → design, Claude.
Portfolio/multi-repo work: $maintainer-orchestrator instead.
Prompt via temp file, never inline quoting:
P=$(mktemp); cat >"$P" <<'EOF'
<goal, repo + key paths, constraints ("don't touch X"), non-goals, proof expected, output shape>
EOF
command codex exec --yolo -C <repo> \
-c model_reasoning_effort="high" \
-o /tmp/codex-last.md - <"$P" 2>/dev/null
--yolo is the house default; Codex may run commands/tests freely. Keep prompts scoped to the target repo.
command codex bypasses the interactive zsh wrapper; if not on PATH: fnm exec --using default -- codex
2>/dev/null only to debug a failing run
-o file for the result; don't parse the JSONL stream
-o file on exit; don't kill quiet runs <30 min
-o files
--skip-git-repo-check
Follow-up fixes — cheaper than fresh runs, keeps context. resume has no -C/--yolo: run from the repo dir, spell the long flag:
(cd <repo> && command codex exec resume --last \
--dangerously-bypass-approvals-and-sandbox \
-o /tmp/codex-last.md - <"$P2" 2>/dev/null)
Codex starts with zero session context. Every prompt: goal, exact repo/paths, constraints, non-goals, proof expected (exact test command), output shape ("report files changed + test output"). Spec quality decides success.
git status -sb + read the full diff; judge like a contributor PR
$autoreview before ship
Win = generation + exploration tokens moved to Codex; Claude spends only on spec + diff review. Don't ping-pong trivia through delegation; don't re-read what Codex already summarized.
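One way to check the prompt's "don't touch X" constraints against the git status output before reading the diff, as an added example that is not part of the skill itself. The function name out_of_scope, the prefixes and the sample status lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the skill: scope gate to run before reading the diff.
# Reads `git status -sb` / `git status --porcelain` (v1) output on stdin and
# prints each changed path under a forbidden prefix ("don't touch X" in the
# prompt). Exits 1 if any were touched, 0 otherwise.
out_of_scope() (
  hit=0
  while IFS= read -r line; do
    case "$line" in '##'*|'') continue ;; esac  # branch header from -b, blanks
    path=${line#???}                            # drop the "XY " status columns
    old=
    case "$path" in                             # rename: "old -> new", check both
      *' -> '*) old=${path%% -> *}; path=${path##* -> } ;;
    esac
    for prefix in "$@"; do
      for p in "$path" "$old"; do
        p=${p#\"}; p=${p%\"}                    # git quotes unusual paths
        [ -n "$p" ] || continue
        case "$p" in
          "$prefix"*) printf '%s\n' "$p"; hit=1 ;;
        esac
      done
    done
  done
  exit "$hit"
)

# Constructed sample status output (not from a real run); prefixes are hypothetical.
out_of_scope vendor/ secrets/ <<'EOF' || echo "stop: forbidden paths touched"
## main...origin/main
 M src/app.py
?? vendor/lib/new.c
R  docs/old.md -> secrets/new.md
A  tests/test_app.py
EOF
```

Against a real run, pipe the status output from the repo dir into the function with the prefixes the prompt listed as off-limits.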