omni-ai-eval
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the `omni` CLI tool to interact with Omni AI APIs. It executes shell commands to generate queries, check job status, and retrieve model configurations. It also uses `jq` to manipulate JSON data within shell loops.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection through its handling of external test data.
  - Ingestion points: Test cases containing natural language prompts and model identifiers are read from local files like `evals/files/cases.jsonl`.
  - Boundary markers: No boundary markers or specific instructions are provided to the agent to isolate or treat these inputs as untrusted data.
  - Capability inventory: The skill uses extracted data to execute subprocesses via `omni ai generate-query` and `omni ai job-submit`.
  - Sanitization: There is no evidence of sanitization or validation performed on the fields read from input files before they are interpolated into shell command strings.
Audit Metadata