skills/akillness/oh-my-skills/ohmg/Gen Agent Trust Hub

ohmg

Fail

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches external resources from the npm registry during setup and execution using the bunx utility.
  • [REMOTE_CODE_EXECUTION]: The skill executes code downloaded from an untrusted third-party source. Evidence: The package 'oh-my-ag' (source: first-fluke/oh-my-ag) is executed directly via 'bunx' for installation, diagnostics, and orchestration.
  • [COMMAND_EXECUTION]: Shell access is used to run local CLI tools and manage agent processes. Evidence: Usage of the Bash tool for commands like 'oh-my-ag agent:spawn' and 'bunx oh-my-ag bridge'.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection via shared state management. Evidence:
      1. Ingestion points: Data is read from state files in the '.serena/memories/' directory.
      2. Boundary markers: No delimiters or instruction-ignore warnings are defined for memory file processing.
      3. Capability inventory: The skill possesses Bash, Write, and agent-spawning capabilities.
      4. Sanitization: No evidence of validation or sanitization is present for data ingested from the shared memory directory.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 11, 2026, 01:20 PM