mimo2codex-proxy
Fail
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: CRITICAL
Categories: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides installation instructions that pipe remote shell scripts directly from an unverified GitHub repository (7as0nch/mimo2codex) into the system shell using `curl | bash` and `irm | iex` patterns. This allows for the immediate execution of untrusted code without user review.
- [COMMAND_EXECUTION]: The proxy server documents explicit support for a `local_shell` tool, which enables the underlying AI models to execute arbitrary shell commands on the user's local machine.
- [EXTERNAL_DOWNLOADS]: The skill promotes the installation of a global NPM package and the retrieval of configuration files from non-authoritative external sources.
- [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface by ingesting and processing data from external LLM providers (MiMo, DeepSeek) while having high-privilege access to the system shell.
- Ingestion points: LLM responses from upstream providers (MiMo/DeepSeek) handled in SKILL.md.
- Boundary markers: None identified in the provided instructions or configuration examples.
- Capability inventory: Presence of the `local_shell` tool for command execution.
- Sanitization: No evidence of input validation or sanitization for content received from remote LLM providers.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/7as0nch/mimo2codex/main/scripts/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata