Skills
skills/yeachan-heo/oh-my-codex/ask/Gen Agent Trust Hub

ask

Fail

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: HIGHCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions define shell command templates that incorporate user-provided input through the {{ARGUMENTS}} placeholder.
  • [COMMAND_EXECUTION]: The use of {{ARGUMENTS}} inside double quotes in commands such as claude -p "{{ARGUMENTS}}" and omx ask gemini "{{ARGUMENTS}}" is susceptible to command injection. An attacker providing input with shell metacharacters (e.g., ;, `, $(...)) could execute arbitrary commands on the host system with the privileges of the agent process.
  • [COMMAND_EXECUTION]: There is no evidence of input validation, escaping, or sanitization before the user-provided data is interpolated into the shell command strings.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 6, 2026, 05:06 PM