Skills
skills/exploreomni/omni-claude-skills/omni-content-explorer/Gen Agent Trust Hub

omni-content-explorer

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses curl to interact with the Omni Analytics REST API for content discovery, metadata retrieval, and document management.
  • [EXTERNAL_DOWNLOADS]: Fetches an OpenAPI specification and organizational data from vendor-associated domains (omniapp.co and omni.co). These resources are used for configuration and content browsing.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the way it processes external data.
  • Ingestion points: Data retrieved from various Omni Analytics API endpoints such as /api/v1/content and /api/v1/documents as described in SKILL.md.
  • Boundary markers: No specific delimiters or instructions are provided to the agent to disregard potentially malicious instructions embedded in the API responses.
  • Capability inventory: The agent can execute shell commands (curl) and perform write operations (creating folders, managing labels) via the API.
  • Sanitization: There is no evidence of data validation or sanitization of the content returned from the API before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 23, 2026, 11:10 PM