ohmg
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses 'bunx' to fetch the 'oh-my-ag' package from the NPM registry during installation and execution. This package is not associated with any trusted vendor or well-known service on the trusted list.
- [REMOTE_CODE_EXECUTION]: Arbitrary code from the 'oh-my-ag' package is executed on the host system to perform diagnostics, setup agent environments, and manage bridge connections.
- [COMMAND_EXECUTION]: The skill requests permissions for the 'Bash' tool and uses it to run complex shell commands, including agent spawning and interactive installers, which increases the impact of any potential compromise.
- [PROMPT_INJECTION]: The multi-agent orchestration logic creates an attack surface for indirect prompt injection.
  - Ingestion points: The PM Agent and Workflow Guide process project plans and requirements provided as natural language strings.
  - Boundary markers: The skill does not define delimiters or special instructions to isolate external task data from the orchestrator's core commands.
  - Capability inventory: The agent has access to the 'Bash', 'Write', and 'Read' tools, which could be misused if the orchestrator inadvertently executes malicious instructions embedded in a project plan.
  - Sanitization: There is no evidence of sanitization or validation of the input strings before they are used to decompose tasks into executable agent actions.
Audit Metadata