oh-my-codex

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Tags: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [Prompt Injection] (HIGH): The skill implements a --madmax flag that launches the underlying CLI with --dangerously-bypass-approvals-and-sandbox. That setting removes both the approval prompts and the sandbox that normally bound what the agent may execute, so any instruction the model acts on, including one injected through a file it reads, runs with the user's full privileges and without confirmation. This is a direct override of the CLI's safety constraints and security boundaries.
  • [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): Installation requires a global install of a package whose author and repository are outside the trusted scope (npm install -g oh-my-codex). npm runs any preinstall, install and postinstall scripts declared by the package and its dependencies at install time, so a compromised or malicious version can execute code on the host before the skill is ever invoked (a supply-chain risk), and a global install puts the resulting binary on the user's PATH for every project.
  • [Indirect Prompt Injection] (LOW): The skill loads <cwd>/AGENTS.md from the current working directory and injects its contents into the model's system prompt. Whoever controls that file (a cloned repository, a merged pull request, a dependency that writes into the working tree) therefore controls system-level instructions for the agent.
  • Ingestion points: <cwd>/AGENTS.md, loaded via the -c model_instructions_file argument.
  • Boundary markers: none identified; the file contents are passed directly as a configuration value rather than delimited or labelled as untrusted input.
  • Capability inventory: the skill has access to Bash, Write and Read tools, so compromised instructions can run commands and modify files, a high-impact surface.
  • Sanitization: none; the skill assumes the local project file is safe to use as a system-level instruction override.
  • [Dynamic Execution] (MEDIUM): The skill supports lifecycle hooks by executing JavaScript files located in .omx/hooks/*.mjs whenever session events occur. Any .mjs file placed in that directory, including one committed to a repository the user clones, runs with the user's privileges, which amounts to arbitrary code execution within the user's environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 04:11 PM