Skills
skills/akillness/oh-my-unity3d/omx/Gen Agent Trust Hub

omx

Fail

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the oh-my-codex package from the public npm registry to provide its core functionality.
  • [REMOTE_CODE_EXECUTION]: The instructions explicitly recommend using the --madmax flag, which maps to the --dangerously-bypass-approvals-and-sandbox configuration in the Codex CLI. This disables critical safety guardrails and allows the agent to execute code without user oversight or sandbox restrictions.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform complex system-level tasks, including managing tmux sessions and parallel team workers, which increases the impact of any compromised or malicious instructions.
  • [PROMPT_INJECTION]: The autonomous execution modes such as $autopilot and $ralph create a significant vulnerability to indirect prompt injection. If the agent processes untrusted external data while the security sandbox is disabled via the recommended flags, it could be coerced into performing malicious system operations.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 23, 2026, 02:05 PM