oma-coordination
Warn
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands via the 'oma' CLI tool and local scripts to coordinate tasks between different agents.
  - Evidence: 'SKILL.md' contains the command 'oma agent:spawn backend "task description" session-id -w ./backend &'.
  - Evidence: 'resources/examples.md' contains references to executing '.agents/skills/orchestrator/scripts/spawn-agent.sh'.
- [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by ingesting untrusted user data (task descriptions) and passing it directly to sub-agents or CLI tools without sanitization.
  - Ingestion points: User-provided 'task description' in 'SKILL.md' and task descriptions in 'resources/examples.md'.
  - Boundary markers: Absent. User input is interpolated directly into shell command arguments.
  - Capability inventory: Shell execution capabilities via 'oma' and 'spawn-agent.sh' across all scripts.
  - Sanitization: Absent. The instructions do not provide any guidance on validating or escaping user-provided task descriptions before they are used in CLI commands.
Audit Metadata