ooo
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the ouroboros-ai package via pip and provides an npx command to fetch the skill from the author's GitHub repository (akillness/oh-my-skills).
- [COMMAND_EXECUTION]: The workflow relies on the ouroboros CLI tool to perform actions such as initializing projects, running development loops, and managing system state.
- [CREDENTIALS_UNSAFE]: The documentation describes the configuration of sensitive API keys (Anthropic, OpenAI, OpenRouter) through environment variables and a local credentials.yaml file.
- [PROMPT_INJECTION]: The skill processes user-defined goals and constraints to generate code, which constitutes an indirect prompt injection surface. Ingestion points: user prompts and seed files; Boundary markers: none specified; Capability inventory: Bash, Write, Agent; Sanitization: none specified.
Audit Metadata