oma-coordination
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the oh-my-ag CLI tool to manage sub-agents.
  - Example command: oh-my-ag agent:spawn backend "task description" session-id -w ./backend &
  - Instructions include the use of background processes (&) and the wait command for parallel task coordination.
  - The skill references a local script path: .agents/skills/orchestrator/scripts/spawn-agent.sh
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) by interpolating untrusted user requirements into CLI command arguments.
  - Ingestion points: User-provided task descriptions are passed directly as string arguments to the oh-my-ag command in SKILL.md and resources/examples.md.
  - Boundary markers: None identified; the instructions do not specify delimiters or safety wrappers for the interpolated strings.
  - Capability inventory: The agent has the capability to execute shell commands and manage background processes.
  - Sanitization: No explicit sanitization or input validation is described within the skill instructions.
Audit Metadata