ohdear
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's core functionality relies on executing the
ohdearcommand-line interface to interact with the Oh Dear API for tasks like listing monitors, retrieving metrics, and managing status pages. - [EXTERNAL_DOWNLOADS]: The skill documentation recommends the installation of the official
ohdearapp/ohdear-clipackage from the Composer registry to enable the CLI functionality. - [PROMPT_INJECTION]: The skill identifies and processes data from external sources, including parameters extracted from
ohdear.appURLs and documentation content fetched from the service's website. - Ingestion points: Monitor IDs and check types are extracted from user-provided URLs in
SKILL.md; documentation is fetched in markdown format fromhttps://ohdear.app/docs/as described inSKILL.md. - Boundary markers: Absent; there are no instructions to use delimiters or ignore embedded instructions when the agent processes data from URLs or documentation.
- Capability inventory: Extensive administrative control over monitoring resources, including CRUD operations for monitors and maintenance periods, as detailed in
references/commands.md. - Sanitization: Absent; the instructions do not include steps to sanitize or validate extracted URL parameters before they are passed to the CLI shell commands.
Audit Metadata