oma-image
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute subprocesses using the
codexCLI (codex exec) and thegeminiCLI. These executions are core to the skill's function of routing image generation requests to different vendors. - [EXTERNAL_DOWNLOADS]: Accesses external content from the
YouMind-OpenLabGitHub organization's repositories (e.g.,awesome-gpt-image-2andawesome-nano-banana-pro-prompts) using the GitHub CLI (gh api) to retrieve markdown documentation and prompt engineering templates. - [DATA_EXFILTRATION]: Reads from local application-specific directories such as
~/.claude/image-cache/and~/.codex/generated_images/to process images that users have attached or previously generated, which is necessary for its stated 'reference image' functionality. - [EXTERNAL_DOWNLOADS]: Communicates with the Pollinations API (
gen.pollinations.ai) and Google's Generative Language API for remote image generation tasks.
Audit Metadata