ask-claude

Fail

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses string interpolation to place user-provided arguments directly into shell commands such as omx ask claude "{{ARGUMENTS}}" and claude -p "{{ARGUMENTS}}". This pattern is vulnerable to command injection because shell metacharacters (e.g., ;, &&, |, or backticks) provided in the input can be used to execute unauthorized system commands on the host machine.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by processing untrusted user data.
    • Ingestion points: User input enters via the {{ARGUMENTS}} placeholder in SKILL.md.
    • Boundary markers: Arguments are wrapped in double quotes, which do not provide adequate protection against shell escaping or command termination.
    • Capability inventory: The skill can execute local subprocesses and write to the filesystem (.omx/artifacts/).
    • Sanitization: There is no evidence of input validation, filtering, or character escaping to prevent malicious data from manipulating the shell execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 4, 2026, 05:24 AM