omx-setup
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from AGENTS.md, creating a surface for indirect prompt injection. \n
- Ingestion points: The documented setup process reads and merges content from
AGENTS.mdin the project root. \n - Boundary markers: Employs explicit delimiters (
<!-- OMX:AGENTS:START -->and<!-- OMX:AGENTS:END -->) to distinguish managed content from user-authored sections. \n - Capability inventory: The
omx setupcommand performs file system modifications to core configuration and hook files. \n - Sanitization: No explicit sanitization or filtering of the user-authored instructions within
AGENTS.mdis described. \n- [COMMAND_EXECUTION]: The skill instructs the agent on executing setup procedures that modify local environment and configuration files. \n - File access: Modifies
~/.codex/config.tomland~/.codex/hooks.jsonto configure tool behavior and MCP servers. \n - Environment management: Handles the configuration of
CODEX_HOMEand tool-specific state directories (.omx).
Audit Metadata