ohmg
Warn
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to execute `bunx oh-my-ag`, which downloads and runs a package from the NPM registry. This package is not pinned to a specific version, increasing the risk of supply chain attacks or accidental execution of malicious updates.
- [REMOTE_CODE_EXECUTION]: The framework includes an `update` command (`bunx oh-my-ag update`) that downloads and executes code at runtime. Additionally, the `bridge` command facilitates connections to external HTTP endpoints, which could be used to fetch and execute remote payloads.
- [COMMAND_EXECUTION]: Multiple operations rely on shell execution through the `bunx` utility for installation, system checks (`doctor`), and agent spawning.
- [PROMPT_INJECTION]: The skill utilizes 'Serena Memory' stored in `.serena/memories/` for cross-agent coordination. This creates an indirect prompt injection surface where data written to these files by one process or agent could maliciously influence the behavior of the orchestrator or other agents during the `/coordinate` workflow.
  - Ingestion points: Reads structured state from `.serena/memories/` and processes input through coordination commands.
  - Boundary markers: None specified in the instructions.
  - Capability inventory: Possesses `Read`, `Write`, and `Bash` capabilities, which are used to interact with the filesystem and execute CLI tools.
  - Sanitization: No mention of validation or sanitization for the data stored in memory or passed between agents.
Audit Metadata