oh-my-openagent-orchestration

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These links are mostly to a GitHub repo, raw docs, a website and a Discord invite (no direct .exe/.msi), but the skill explicitly recommends running npm/npx for an unfamiliar package and points to small/unknown domains/users — a common vector for code execution/malware — so it is moderately high risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly documents built-in MCPs that fetch public content (e.g., "Exa: Search the web" and "Grep.app: GitHub Code Search") and background research agents that ingest results, so the agent will read and act on untrusted user-generated/open-web sources (see "Built-in MCPs" and "Background Agents" sections).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime config runs "npx -y oh-my-opencode" (and references the project repo https://github.com/code-yeongyu/oh-my-openagent), which will fetch and execute remote npm package code at runtime that controls the agent orchestration and prompts.