omc
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches code and plugins from an untrusted GitHub repository (Yeachan-Heo/oh-my-claudecode) and an external npm package (oh-my-claude-sisyphus) that does not belong to the skill author or a trusted vendor.
- [REMOTE_CODE_EXECUTION]: Use of the
/plugin marketplace addcommand with a remote URL executes external code within the agent environment. The installation of external npm packages further enables execution of unverified scripts. - [COMMAND_EXECUTION]: The skill instructs the user to run setup scripts and global npm installations. It specifically enables a background daemon via
omc wait --start, creating a persistent execution mechanism on the host system. - [CREDENTIALS_UNSAFE]: The configuration utility
omc config-stop-callbackencourages users to provide sensitive Discord webhooks and Telegram bot tokens as plaintext command-line arguments, exposing them to shell history and local process logging. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its multi-agent orchestration.
- Ingestion points: User-provided task descriptions processed by the 'autopilot' and 'team' agents (SKILL.md).
- Boundary markers: None identified to separate instructions from data within the orchestrated pipeline.
- Capability inventory: The skill utilizes tools for Bash execution, filesystem modification (Write/Edit), and data retrieval (Read/Grep).
- Sanitization: No input validation or sanitization of task content is specified.
Recommendations
- AI detected serious security threats
Audit Metadata