The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill installs software from unverified external sources. It fetches a plugin from https://github.com/Yeachan-Heo/oh-my-claudecode and suggests a global npm package installation for oh-my-claude-sisyphus. These sources are not affiliated with the stated author 'akillness' nor are they included in the trusted vendors list.
[COMMAND_EXECUTION]: The skill requires extensive command-line permissions, including the Bash tool. It uses these permissions to perform global installations (npm install -g), modify system configuration files (~/.claude/settings.json), and manage background daemons (omc wait --start).
[PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection (Category 8).
Ingestion points: Processes natural language tasks and PR bodies as input for agent orchestration (SKILL.md).
Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the orchestration logic.
Capability inventory: The skill utilizes Bash, Write, and Edit tools, allowing for file modification and code execution based on agent outputs (SKILL.md).
Sanitization: There is no evidence of sanitization or validation of the external content processed by the 32 specialized agents.

omc