ohmg
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation instructs the user to run
bunx oh-my-ag, which downloads and executes code from an external npm package that is not associated with a trusted vendor or well-known service. - [COMMAND_EXECUTION]: The skill requests permission for the
Bashtool and executes CLI commands such asbunx,oh-my-ag doctor, andoh-my-ag agent:spawnfor framework setup and agent orchestration. - [DATA_EXFILTRATION]: The skill includes a bridging tool (
bunx oh-my-ag bridge) that is capable of forwarding agent data to external network endpoints. - [PROMPT_INJECTION]: The multi-agent framework is vulnerable to indirect prompt injection due to its shared state mechanism. Ingestion points: The skill reads and writes structured state to
.serena/memories/for cross-agent coordination as described inSKILL.md. Boundary markers: The documentation does not specify the use of delimiters or instructions to ignore embedded commands within the shared memory. Capability inventory: The skill has access to high-privilege tools includingBashand the ability to spawn agents. Sanitization: There is no evidence of sanitization or validation of the data shared between agents. This allows an agent processing malicious external data to write instructions into the shared memory that could be accidentally executed by other agents in the workflow.
Audit Metadata