Skills
skills/first-fluke/oh-my-agent/oma-image/Gen Agent Trust Hub

oma-image

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch remote content from third-party GitHub repositories (YouMind-OpenLab/awesome-gpt-image-2 and YouMind-OpenLab/awesome-nano-banana-pro-prompts) using the gh api tool to assist in prompt amplification logic.
  • [DATA_EXFILTRATION]: The skill transmits user-provided prompts and reference images (Base64 encoded) to external API endpoints:
  • gen.pollinations.ai/v1/images/generations (Pollinations API).
  • generativelanguage.googleapis.com (Google Gemini API).
  • [DATA_EXFILTRATION]: The skill accesses session-specific sensitive file paths to retrieve attached images for forwarding to APIs:
  • ~/.claude/image-cache/<session-uuid>/<N>.png.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8c: Tool output poisoning):
  • Ingestion points: Reads remote markdown files from GitHub repositories (YouMind-OpenLab) via gh api (documented in resources/prompt-tips.md).
  • Boundary markers: No delimiters or 'ignore embedded instructions' warnings are specified for the fetched remote content.
  • Capability inventory: Executes shell commands (oma image generate, gh api) and performs network operations (API calls to Pollinations/Gemini).
  • Sanitization: The agent is instructed to 'internalize the pattern' and 'compose your amplified prompt' based on the fetched content, which relies on the LLM's internal safety filters rather than explicit sanitization or validation of the remote data.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 06:54 AM
Security Audit — agent-trust-hub — oma-image