oma-recap
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses conversation history files located at
~/.claude/history.jsonl. This data contains previous interactions and is accessed to generate work summaries. No network transmission of this data was detected. - [COMMAND_EXECUTION]: The skill uses the
omaCLI tool andjqfor processing history data. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted conversation history data. Malicious instructions embedded in past conversations could potentially influence the agent's summary generation process.
- Ingestion points:
~/.claude/history.jsonland output from theoma recapcommand. - Boundary markers: None identified in the prompt interpolation process.
- Capability inventory: Command execution via
omaandjq, and file writing to the.agents/results/recap/directory. - Sanitization: No explicit sanitization or filtering of historical prompt content is described.
Audit Metadata