Skills
skills/exploreomni/omni-cursor-plugin/omni-query/Gen Agent Trust Hub

omni-query

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl to perform authenticated POST and GET requests to the Omni Analytics API ($OMNI_BASE_URL) for running queries and fetching dashboard metadata.
  • [EXTERNAL_DOWNLOADS]: Documentation references the use of pyarrow and pandas Python libraries to decode and process data returned in Apache Arrow format.
  • [PROMPT_INJECTION]: A potential surface for indirect prompt injection exists as the agent processes data from external API responses. Ingestion points: REST API response data from the Omni query endpoint (SKILL.md). Boundary markers: None identified. Capability inventory: curl for network requests. Sanitization: Not specified; results are passed directly for decoding and analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 12:32 AM