oma-search
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes several CLI tools to perform searches and content retrieval.
gh search codeandglab apiare used to query GitHub and GitLab repositories for implementation patterns.- The
oma search fetchutility is used as a bypass fallback for web searches, employing strategies such as API handlers, Jina Reader, and browser automation (via Puppeteer). curlis used to query the external Tranco API (siterank.redirect2.me) for domain popularity validation.- [EXTERNAL_DOWNLOADS]: The skill performs network operations to multiple external sources.
- It fetches content from arbitrary URLs discovered during searches using the
omautility. - It interacts with the
siterank.redirect2.meAPI to resolve domain trust scores. - It retrieves documentation via the Context7 MCP.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection due to the processing of untrusted data from the web and code repositories.
- Ingestion points: Untrusted data enters the agent context from web search snippets, full page content fetched via the
omautility, and source code retrieved from GitHub/GitLab (found inresources/execution-protocol.md). - Boundary markers: No explicit boundary markers or "ignore instructions" delimiters are defined in the instructions to separate external content from the agent's core logic.
- Capability inventory: The skill has access to shell execution (
gh,glab,oma,curl), network request capabilities, and memory storage via the Serena MCP (found inresources/trust-registry.md). - Sanitization: No sanitization, escaping, or validation logic is mentioned for the content retrieved from external sources before it is presented to the agent.
Audit Metadata