omc
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches plugin code from an unverified GitHub repository (Yeachan-Heo/oh-my-claudecode). It also references optional tools from well-known services including Google and OpenAI.
- [REMOTE_CODE_EXECUTION]: Installs an unverified global NPM package (oh-my-claude-sisyphus) and executes setup commands (/omc:omc-setup) that run code from the downloaded plugin.
- [COMMAND_EXECUTION]: Requests and utilizes the Bash tool for multi-agent coordination, task execution, and managing a background auto-resume daemon.
- [DATA_EXFILTRATION]: Contains features to configure Telegram and Discord notifications which involve processing sensitive bot tokens and webhook URLs.
- [PROMPT_INJECTION]: The skill acts as an orchestration layer for multiple agents, creating an indirect injection surface. 1. Ingestion points: User task inputs and inter-agent communication loops. 2. Boundary markers: No delimiters or ignore instructions found. 3. Capability inventory: Bash, Write, Read, and Edit tools across 32 agents. 4. Sanitization: No evidence of input filtering or output escaping.
Audit Metadata