omc
Fail
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the user to download and install a plugin from an unverified GitHub repository (
Yeachan-Heo/oh-my-claudecode) and a global NPM package (oh-my-claude-sisyphus) whose name does not match the skill or the stated author. - [REMOTE_CODE_EXECUTION]: The installation of external plugins and NPM packages allows for the execution of arbitrary code within the agent's environment, which is compounded by the skill's high-privilege access to
Bash,Write, andEdittools. - [COMMAND_EXECUTION]: The skill performs several high-risk system operations, including the modification of the agent platform's experimental configuration (
~/.claude/settings.json) and the execution of a background 'daemon' process (omc wait --start) for auto-resuming sessions. - [DATA_EXFILTRATION]: The skill's configuration instructions explicitly prompt users to provide sensitive API credentials, such as Telegram bot tokens and Discord webhooks, which are then stored and used by the tool.
- [PROMPT_INJECTION]: As an orchestration layer, the skill ingests natural language instructions and distributes them to multiple agents with system access, creating an indirect prompt injection surface.
- Ingestion points: Natural language task inputs via keywords like
autopilot:,team:, andralph:. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the orchestrator logic.
- Capability inventory: Full access to
Bash,Write,Edit,Read,Grep, andGlobacross 32 specialized agents. - Sanitization: No validation or sanitization of user-supplied tasks before they are passed to the agent executor pipeline.
Recommendations
- AI detected serious security threats
Audit Metadata