Skills
skills/yeachan-heo/oh-my-codex/ultragoal/Gen Agent Trust Hub

ultragoal

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a local CLI utility omx to create goals, manage workflow state, and record checkpoints in the repository's .omx directory.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of user-provided briefs.
  • Ingestion points: Input is accepted via command-line arguments (--brief, --brief-file) or standard input as described in SKILL.md.
  • Boundary markers: The instructions do not define delimiters or warnings to prevent the agent from following instructions embedded within the user brief.
  • Capability inventory: The skill utilizes shell commands (omx) and state management tools (create_goal, update_goal, get_goal) to execute the plan derived from the brief.
  • Sanitization: There is no evidence of validation or sanitization of the input brief before it is used to generate goals.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 03:59 AM