ocx-use
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill directs the agent to execute a remote script using a highly dangerous pattern. Evidence: 'curl -fsSL https://ocx.kdco.dev/install.sh | sh' in SKILL.md. This allows the domain 'ocx.kdco.dev' to execute arbitrary commands on the user's host machine. The source is not a trusted external repository.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill facilitates the installation of unverified software from external sources. Evidence: 'ocx registry add https://registry.kdco.dev' and 'ocx add kdco/workspace'. These components are downloaded from unverified registries, exposing the system to malicious software.
- [COMMAND_EXECUTION] (MEDIUM): The skill uses the 'ocx' binary to perform system-level initialization and configuration. Evidence: 'ocx init' and 'ocx ghost init' in SKILL.md. These commands modify the local environment and manage persistent profiles.
- [PROMPT_INJECTION] (HIGH): The skill has a significant attack surface for Indirect Prompt Injection as it processes untrusted component data and registry responses. Evidence Chain: 1. Ingestion: 'ocx add', 'ocx search' (SKILL.md); 2. Boundary markers: Absent; 3. Capability inventory: 'curl | sh', binary execution (SKILL.md); 4. Sanitization: Absent.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://ocx.kdco.dev/install.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata