omx
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the --madmax flag, which explicitly maps to --dangerously-bypass-approvals-and-sandbox in the underlying Codex CLI, disabling critical safety protections.
- [EXTERNAL_DOWNLOADS]: The installation process requires downloading the oh-my-codex package from NPM and running a setup command (omx setup), which involves executing code from an external source.
- [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of agent-generated code through its 'exec' and 'fix' pipeline stages. Additionally, it supports hook extensions in .omx/hooks/*.mjs that are dynamically loaded and executed during the session lifecycle.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points: untrusted data enters the context via task strings in workflow skills such as $plan and $autopilot. Boundary markers: none present. Capability inventory: significant, including Bash and Write tools used by executor agents. Sanitization: no sanitization or validation of the agent-generated code or user-provided tasks is mentioned.
Recommendations
- AI detected serious security threats
Audit Metadata