skill
Warn
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The `/skill setup` and `/skill scan` subcommands include shell script blocks (bash) that perform directory creation (`mkdir -p`) and extensive file system inventory using commands like `find`, `grep`, `sed`, `stat`, and `wc`.
- [EXTERNAL_DOWNLOADS]: The 'Import Skill' feature enables the agent to download content from arbitrary URLs (e.g., GitHub Gists). Because skills contain instructions that control agent behavior, importing files from untrusted external sources is a significant security risk.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection (Category 8) because it is designed to ingest and process external instruction files.
- Ingestion points: Skill files read from `~/.claude/skills/omc-learned/`, `.omc/skills/`, and arbitrary URLs provided by the user.
- Boundary markers: Absent. The skill does not instruct the agent to use delimiters or ignore instructions found within the processed skill files.
- Capability inventory: The skill has broad capabilities including file system read/write, directory management, and shell command execution.
- Sanitization: No specific sanitization, escaping, or validation logic is defined for the imported content.
Audit Metadata