ccg
Warn
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs shell commands by interpolating AI-generated prompts into double-quoted strings (e.g., `omc ask codex "<codex prompt>"`). This pattern is vulnerable to shell injection if the prompt contains shell metacharacters like backticks, semicolons, or unmatched double quotes, which could allow arbitrary command execution on the host system.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of global NPM packages `@openai/codex` and `@google/gemini-cli`. These packages are not official releases from OpenAI or Google and their source is unverified, representing a supply chain risk.
- [PROMPT_INJECTION]: The skill processes untrusted user data and passes it to secondary models, creating a surface for indirect prompt injection.
  - Ingestion points: User-provided `<task description>` via the `/oh-my-claudecode:ccg` command.
  - Boundary markers: None. The content is directly wrapped in double quotes within a shell command.
  - Capability inventory: Execution of shell commands via the `omc` CLI tool.
  - Sanitization: No sanitization or escaping of shell-sensitive characters is performed on the user input before it is used in a command string.
Audit Metadata