omx
Fail
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the third-party 'oh-my-codex' package from the public NPM registry.
- [EXTERNAL_DOWNLOADS]: The skill utilizes the '@openai/codex' package from the official OpenAI package repository.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute system commands for environment setup, diagnostic checks, and session management using 'tmux' for parallel orchestration.
- [REMOTE_CODE_EXECUTION]: The skill promotes the use of the '--madmax' flag, which is documented to map to the Codex '--dangerously-bypass-approvals-and-sandbox' configuration. This setting intentionally removes security containment and permits unrestricted code execution without human approval.
- [REMOTE_CODE_EXECUTION]: The skill includes a hook extension system that enables the dynamic execution of arbitrary JavaScript files located in the local '.omx/hooks/' directory.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection.
  - Ingestion points: Task descriptions provided to '$autopilot', '$plan', and '$team' commands in SKILL.md.
  - Boundary markers: No delimiters or protective instructions are present to separate untrusted data from instructions.
  - Capability inventory: The skill utilizes the Bash tool for command execution and has Write access for file operations.
  - Sanitization: There is no evidence of input validation or escaping for user-provided strings before they are processed by the orchestration layer.
Recommendations
- AI detected serious security threats
Audit Metadata