skills/yeachan-heo/oh-my-codex/doctor/Gen Agent Trust Hub

doctor

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to diagnose and repair installation issues, which includes the deletion of files and directories (e.g., rm -rf ~/.codex/hooks/ and rm -rf ~/.agents/skills/). While these actions are intended to resolve configuration conflicts, they represent destructive operations on the local file system.
  • [EXTERNAL_DOWNLOADS]: The skill downloads updated configuration data (AGENTS.md) from the author's GitHub repository (github.com/Yeachan-Heo/oh-my-codex). It also uses npm view to check for the latest package version online.
  • [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface (Category 8) where remote content from GitHub is fetched and written to a local configuration file.
      • Ingestion points: Remote content is retrieved via WebFetch from github.com/Yeachan-Heo/oh-my-codex/main/docs/AGENTS.md.
      • Boundary markers: None present; the skill requests the "complete raw markdown content exactly as-is".
      • Capability inventory: The skill has the capability to execute shell commands (rm, find, ls) and write to configuration files.
      • Sanitization: There is no evidence of sanitization or validation performed on the fetched content before it is processed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 14, 2026, 03:59 AM