oma-pm
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to the processing of untrusted user requirements into structured task plans.
- Ingestion points: User requests and feature specifications are parsed into requirements as seen in SKILL.md and Step 1 of the execution protocol.
- Boundary markers: No explicit delimiters or instructions are used to separate untrusted user input from the agent's internal reasoning or output structure.
- Capability inventory: The skill writes execution plans to the filesystem at .agents/plan.json and .agents/brain/current-plan.md, which are used to control the actions of other agents.
- Sanitization: No sanitization, validation, or filtering of user input is documented to prevent malicious instructions from being included in the generated plan.
Audit Metadata