omx
Fail
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill's primary instructions and documentation in SKILL.md and references/cli-reference.md explicitly direct the agent to utilize the
--madmaxflag. This flag is documented as a mechanism to "dangerously bypass approvals and sandbox," which directly overrides the platform's core security controls and safety filters. - [COMMAND_EXECUTION]: The skill implements the "sparkshell" feature and "team" runtime, which allow the agent to execute arbitrary shell commands and manage parallel execution via tmux or psmux. When used in conjunction with the recommended sandbox bypass, this provides an unconstrained environment for command execution.
- [EXTERNAL_DOWNLOADS]: The scripts/install.sh file automates the installation of external dependencies from the public npm registry, specifically fetching the @openai/codex and oh-my-codex packages. These represent external code dependencies executed during setup.
- [DATA_EXFILTRATION]: The validation script scripts/validate-omx.sh accesses the OPENAI_API_KEY environment variable. While this is used for diagnostic purposes, it demonstrates the skill's capability to access and verify sensitive credentials within the agent environment.
Recommendations
- AI detected serious security threats
Audit Metadata