oma-docs

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes several shell commands including git diff, git apply, which, and lychee.
      • git apply is used to modify documentation, but the skill design enforces an interactive process where the user must explicitly approve each patch.
      • which is used for environment discovery to detect the presence of CLI tools.
  • [EXTERNAL_DOWNLOADS]: The skill recommends the use of lychee, an external Rust-based URL checker. It provides a link to the official GitHub repository (lycheeverse/lychee) for installation instructions.
  • [DATA_EXPOSURE]: The skill includes explicit security logic to redact secrets and sensitive files. It excludes files such as .env*, *.pem, *.key, and id_rsa* from being processed during synchronization tasks to prevent accidental exposure of credentials to the host LLM.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes Markdown documentation files (docs/**/*.md) which are used by the host LLM to generate patch proposals.
      • Ingestion points: Documentation files found in docs/.
      • Boundary markers: Supports escape hatch markers (<!-- oma-docs:ignore-start -->) to ignore specific sections of text.
      • Capability inventory: Supports file writes and git apply commands, but requires user confirmation for all modifications.
      • Sanitization: Implements secret-pattern and gitignore-based file exclusion.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 13, 2026, 12:18 PM