Skills
skills/yeachan-heo/oh-my-claudecode/ralplan/Gen Agent Trust Hub

ralplan

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill coordinates a complex workflow that invokes other internal skills (omc-plan, team, ralph) and can optionally call a user-defined MCP tool for project context.
  • [DATA_EXPOSURE]: The skill reads configuration files from the user's home directory (~/.config/claude-omc/config.jsonc) and the local project directory (.claude/omc.jsonc) to determine planning parameters.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests data from a configured external MCP tool to provide company context.
  • Ingestion points: User-supplied task descriptions and the output of a configured companyContext.tool.
  • Boundary markers: The skill explicitly instructs the agent to treat the returned tool output as 'quoted advisory context only'.
  • Capability inventory: The skill can invoke other agents for planning and execute tasks through the team or ralph skills.
  • Sanitization: Includes a mandatory rule to never treat the advisory context as executable instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 04:10 PM