oma-pm
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill and its resources are focused on project management and planning. No security vulnerabilities or malicious behaviors were identified across the analyzed files.
- [PROMPT_INJECTION]: The instructions are role-appropriate and do not contain patterns designed to bypass safety filters, disregard prior instructions, or extract system prompts. The 'Core Rules' serve to maintain the quality of the planning output.
- [DATA_EXFILTRATION]: There are no unauthorized data access or external network transmission patterns. The skill saves planning results to designated local project directories (.agents/results/).
- [COMMAND_EXECUTION]: The skill does not execute shell commands or attempt privilege escalation. It utilizes standard tool-based analysis (Serena) to understand existing codebase structures.
- [EXTERNAL_DOWNLOADS]: No remote scripts or unverified packages are downloaded. References to other domain skills and shared protocols point to local, environment-specific resources.
- [DATA_EXPOSURE]: No hardcoded credentials or sensitive file paths are targeted. The skill accesses project manifests (e.g., package.json) solely for architectural analysis, which is consistent with its primary purpose.
Audit Metadata