skills/jeo-tech-ai/oh-my-unity3d/omu/Gen Agent Trust Hub

omu

Fail

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION

Full Analysis
  • [REMOTE_CODE_EXECUTION]: Script scripts/install.sh downloads a remote shell script from https://plannotator.ai/install.sh and executes it directly by piping the curl output into bash. This pattern executes unverified remote code with the user's local privileges.
  • [COMMAND_EXECUTION]: Setup scripts (setup-claude.sh, setup-codex.sh, setup-gemini.sh, setup-opencode.sh) perform automated modifications to local configuration files for various AI tools (e.g., ~/.claude/settings.json, ~/.codex/config.toml) and install persistent executable hooks (~/.codex/hooks/omu-notify.py, ~/.gemini/hooks/omu-plannotator.sh).
  • [EXTERNAL_DOWNLOADS]: scripts/install.sh performs global installations of NPM packages (agent-browser, playwriter) and uses bunx or npx to fetch and run setup code from external sources like oh-my-opencode and oh-my-ag without version pinning.
  • [PROMPT_INJECTION]: The skill architecture is susceptible to indirect prompt injection via the plan.md file processed by the planning loop. Ingestion point: plan.md. Boundary markers: Absent. Capability inventory: High, including shell execution and configuration modification. Sanitization: Absent. Instructions embedded in the plan could manipulate the agent's logic during execution transitions.

Recommendations
  • HIGH: Downloads and executes remote code from: https://plannotator.ai/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats

Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 11, 2026, 09:08 AM