Skills
skills/supercent-io/skills-template/oh-my-codex/Gen Agent Trust Hub

oh-my-codex

Fail

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires global installation of the oh-my-codex package from an unverified NPM registry source and @openai/codex from a well-known vendor.
  • [REMOTE_CODE_EXECUTION]: Provides a --madmax flag which is documented to map to the underlying --dangerously-bypass-approvals-and-sandbox flag, deliberately disabling critical security boundaries and manual approval requirements during execution.
  • [REMOTE_CODE_EXECUTION]: Implements a hook system that executes arbitrary JavaScript files (.mjs) located in the .omx/hooks/ directory during session events, enabling persistent and dynamic code execution.
  • [COMMAND_EXECUTION]: Utilizes the Bash tool to perform system setup tasks, execute diagnostic checks, and manage background multi-agent workers in tmux sessions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 7, 2026, 07:03 AM