skills/akillness/oh-my-skills/omc/Gen Agent Trust Hub

omc

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the oh-my-claudecode plugin from its GitHub repository and the oh-my-claude-sisyphus package via npm.
  • [EXTERNAL_DOWNLOADS]: Downloads command-line tools from well-known services, specifically @google/gemini-cli and @openai/codex.
  • [COMMAND_EXECUTION]: Executes shell commands via the Bash tool for installation, setup, and runtime management of the omc CLI.
  • [PROMPT_INJECTION]: Implements magic keyword detection via session hooks, creating an indirect prompt injection surface where keywords in prompts or codebase files can trigger orchestration modes.
      • Ingestion points: User prompts and codebase files processed by the agent.
      • Boundary markers: Uses system-reminder tags for context injection.
      • Capability inventory: Subprocess execution via Bash, file system access via Write, and agent delegation via the Agent tool.
      • Sanitization: No explicit filtering for malicious triggers within the hook scanning logic is documented.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 20, 2026, 04:32 AM