oma-search
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs and executes shell commands using user-provided query strings.
  - Evidence: `SKILL.md` and `resources/execution-protocol.md` define the use of `gh search code "<query>"` and `glab api "/search?scope=blobs&search=<query>"` to perform code searches. While these use quoting, they represent a potential surface for command injection if the underlying platform does not provide robust sanitization of the `<query>` variable.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks because it processes untrusted data from external sources.
  - Ingestion points: `resources/execution-protocol.md` describes gathering results from web searches, documentation libraries (via Context7), and public code repositories (GitHub/GitLab).
  - Capability inventory: `SKILL.md` specifies capabilities in the `PROCESS` and `NETWORK` scopes, including subprocess execution and network operations.
  - Boundary markers: The protocol lacks documented use of delimiters or instructions to the agent to ignore embedded commands within search results.
  - Sanitization: No explicit sanitization or filtering of the retrieved content is mentioned before it is presented to the agent's context.