skills/first-fluke/oh-my-ag/oma-image/Gen Agent Trust Hub

oma-image

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its prompt amplification workflow.
      • Ingestion points: In resources/prompt-tips.md, the agent is instructed to fetch external creative briefs and prompt templates from the YouMind-OpenLab repositories on GitHub using the gh api command.
      • Boundary markers: The instructions do not define any delimiters or safety boundaries for the fetched external content, meaning the agent might interpret malicious instructions embedded in the prompt templates as authoritative.
      • Capability inventory: The skill possesses significant capabilities, including executing subprocesses for image generation (oma, codex) and interacting with the GitHub API.
      • Sanitization: No sanitization or validation logic is present for the data retrieved from the remote prompt libraries before it is incorporated into the agent's prompt context.
  • [EXTERNAL_DOWNLOADS]: The skill relies on fetching content from external sources at runtime.
      • Evidence: resources/prompt-tips.md contains instructions for the agent to execute gh api to download markdown files from the YouMind-OpenLab/awesome-nano-banana-pro-prompts and YouMind-OpenLab/awesome-gpt-image-2 repositories. The data is then decoded from Base64 and processed locally.
  • [COMMAND_EXECUTION]: The skill operates primarily by executing shell commands and local CLI tools.
      • Evidence: The skill invokes oma image generate, codex exec, and gh api. It also instructs the user to run oma update for maintenance, as seen in SKILL.md and resources/execution-protocol.md.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 3, 2026, 09:10 AM