omc
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs a plugin from an external GitHub repository (Yeachan-Heo/oh-my-claudecode) that is not associated with the skill author or a trusted vendor list.
- [REMOTE_CODE_EXECUTION]: Recommends installing global npm packages like '@google/gemini-cli' and '@openai/codex'. These names use official-sounding scopes but are not official packages from Google or OpenAI, posing a risk of running untrusted third-party code.
- [COMMAND_EXECUTION]: Requires executing a setup command (/omc:omc-setup) and includes functionality to run a background daemon (omc wait --start) for persistent execution.
- [CREDENTIALS_UNSAFE]: Asks users to input sensitive credentials, including Telegram bot tokens and Discord webhooks, to enable notification features.
- [PROMPT_INJECTION]: The skill provides an indirect prompt injection surface.
- Ingestion points: Untrusted task descriptions provided by users or external data (e.g., 'autopilot: [task]').
- Boundary markers: Absent; task descriptions are interpolated directly into agent prompts.
- Capability inventory: Bash, Read, Write, Edit, Grep, Glob (SKILL.md).
- Sanitization: Absent; no validation or escaping of task input is documented.
Audit Metadata