ask-codex

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill interpolates the {{ARGUMENTS}} placeholder directly into shell command strings: omc ask codex "{{ARGUMENTS}}" and bash "${CLAUDE_PLUGIN_ROOT}/scripts/ask-codex.sh" "{{ARGUMENTS}}". This pattern allows for command injection if the user input contains shell metacharacters like backticks, dollar signs, or semicolons that trigger sub-command execution.
  • [EXTERNAL_DOWNLOADS]: The skill documentation indicates a dependency on a 'Local Codex CLI' that must be installed and authenticated on the host system. This introduces a third-party dependency into the environment.
  • [PROMPT_INJECTION]: The skill acts as a vulnerability surface for indirect prompt injection.
      1. Ingestion point: {{ARGUMENTS}} in SKILL.md.
      2. Boundary markers: None present.
      3. Capability inventory: Ability to execute shell commands and run local bash scripts.
      4. Sanitization: No escaping or validation is performed on user-controlled data before it is passed to the system shell.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 10:58 AM