The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill instructs users to install a plugin from a personal GitHub repository (Yeachan-Heo/oh-my-claudecode) and a global NPM package (oh-my-claude-sisyphus). These sources do not align with the stated author identity (JEO-tech-ai).
[EXTERNAL_DOWNLOADS]: Fetches optional CLI tools from Google and OpenAI's official package registries.
[COMMAND_EXECUTION]: The skill uses /omc:omc-setup and /omc:omc-doctor which execute local scripts for configuration and debugging. It also manages a background daemon (omc wait --start) for auto-resuming sessions, which acts as a persistence mechanism.
[CREDENTIALS_UNSAFE]: The skill configuration prompts users to provide sensitive credentials, specifically Telegram bot tokens and Discord webhook URLs, which are then passed via command-line arguments and potentially stored in local configuration files.
[PROMPT_INJECTION]: As a multi-agent orchestration layer with access to tools like Bash and Edit, the skill is susceptible to indirect prompt injection if the data it processes (e.g., external codebases or task descriptions) contains malicious instructions.
Ingestion points: User-provided tasks and external file content (SKILL.md) processed by specialized agents.
Boundary markers: None identified in the provided instructions to delimit untrusted data from agent instructions.
Capability inventory: High-privilege tools including Read, Write, Bash, Grep, Glob, and Edit available across 32 specialized agents.
Sanitization: No explicit sanitization, validation, or escaping of external content before interpolation is described.

omc