oma-pm
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions create a surface for indirect prompt injection by design, as the agent must ingest and reason over external content to perform its role.
- Ingestion points: The agent reads user requests (SKILL.md) and uses the Serena tool to analyze local codebase symbols (resources/error-playbook.md).
- Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the ingested text.
- Capability inventory: The skill is authorized to perform filesystem read operations and write plan artifacts to the '.agents/results/' directory.
- Sanitization: No validation or sanitization of ingested content is specified in the protocols.
Audit Metadata