oma-hwp

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the kordoc package from the npm registry using bunx at runtime.
  • [REMOTE_CODE_EXECUTION]: The execution protocol recommends installing the Bun runtime using a shell script from its official domain (bun.sh), which is executed directly in the terminal.
  • [REMOTE_CODE_EXECUTION]: The skill uses the bunx command to fetch and execute the kordoc utility from a remote package registry.
  • [COMMAND_EXECUTION]: The skill runs a local TypeScript script (flatten-tables.ts) and the kordoc command-line tool to perform document conversion and formatting.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted HWP, HWPX, and HWPML documents.
      • Ingestion points: Reads document files from the local filesystem (SKILL.md, execution-protocol.md).
      • Boundary markers: No delimiters or isolation instructions are present to separate document content from agent commands.
      • Capability inventory: The skill can execute shell commands via bunx and bun run, and performs file writes using Bun.write (flatten-tables.ts, execution-protocol.md).
      • Sanitization: While kordoc is reported to provide XSS and XXE defenses, there are no specific measures against indirect prompt injection.
Audit Metadata
Risk Level: SAFE
Analyzed: May 3, 2026, 01:33 AM