skills/jeo-tech-ai/oh-my-gods/ohmg/Gen Agent Trust Hub

ohmg

Warn

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to run 'bunx oh-my-ag', which downloads and executes code from an external package repository during setup and system checks.
  • [REMOTE_CODE_EXECUTION]: By using 'bunx' to execute the 'oh-my-ag' package, the skill facilitates the execution of unverified remote code. The source repository ('first-fluke/oh-my-ag') is not a verified vendor resource, presenting a risk of executing unvetted logic.
  • [COMMAND_EXECUTION]: The skill requires access to the 'Bash' tool. This permission allows the external package and coordinated agents to execute arbitrary shell commands on the host system.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection:
      • Ingestion points: Processes user-provided complex project requirements and task descriptions in the 'SKILL.md' usage patterns.
      • Boundary markers: Absent. There are no clear delimiters or instructions to ignore embedded commands within the data processed for agent coordination.
      • Capability inventory: The skill possesses high-privilege tools including 'Bash', 'Read', and 'Write'.
      • Sanitization: Absent. User-provided task descriptions are passed directly to agent spawning commands without validation.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 20, 2026, 06:59 AM