Skills
skills/yeachan-heo/oh-my-codex/ecomode/Gen Agent Trust Hub

ecomode

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses the {{ARGUMENTS}} template variable to ingest untrusted user data directly into the agent prompt. This creates a surface for indirect prompt injection because there are no boundary markers or instructions to treat the data as data rather than instructions.
  • Ingestion points: SKILL.md via the {{ARGUMENTS}} placeholder.
  • Boundary markers: Absent. The skill does not use delimiters (like triple quotes or XML tags) to wrap the user input.
  • Capability inventory: No tool executions or shell commands are defined in the provided file.
  • Sanitization: Absent. The input is interpolated directly without escaping or validation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 03:59 AM
Security Audit — agent-trust-hub — ecomode