omarchy
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill teaches the agent to use shell commands like
compgen,which, andcatto discover and inspect system scripts. This grants the agent a method to interact with and explore the executable environment of the host. - EXTERNAL_DOWNLOADS (MEDIUM): The skill is installed by cloning an unverified third-party repository (
robzolkos/omarchy-skill.git), which is not a trusted source. - PROMPT_INJECTION (LOW): Reading system scripts via
catcreates a surface for indirect prompt injection. If an attacker can influence the content of a script being read, they can inject instructions into the agent's context. Evidence: 1. Ingestion:cat $(which ...)reads local files; 2. Boundaries: Absent; 3. Capabilities: Shell command execution; 4. Sanitization: None.
Audit Metadata