oh-plan
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard GitHub CLI (gh) and shell commands (cat, echo) to automate the creation and management of issues and labels. These operations are performed using secure patterns, such as quoted heredocs (cat <<'EOF'), which prevent shell injection when interpolating user-provided or file-based content into command arguments.
- [DATA_EXFILTRATION]: The skill reads project-specific context (goals, problem space, solution space) from files within the local .oh/ directory and uploads this data to GitHub issues. This behavior is the primary intended function of the skill and targets a well-known service (GitHub) without accessing sensitive system-level files or credentials.
- [PROMPT_INJECTION]: The skill defines a clear boundary between its internal logic and the data it processes. While it ingests external data from session files, it does so to populate structured issue templates, and the use of shell heredocs mitigates common injection vectors.
Audit Metadata