omo
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection risk identified.
  - Ingestion points: `SKILL.md` and `references/develop.md` ingest outputs from search agents.
  - Boundary markers: Uses markdown headers `## Context Pack` but lacks explicit instructions to ignore embedded commands.
  - Capability inventory: Subprocess execution via `codeagent-wrapper` and file-system write/edit capabilities in implementation agents.
  - Sanitization: Absent; external data is pasted directly into prompts.
- [COMMAND_EXECUTION]: The skill executes shell commands using `codeagent-wrapper` to orchestrate agent transitions. This pattern is central to the skill's routing logic. Additionally, the `README.md` refers to an `install.py` script for setup that is not provided in the audited file list.
- [EXTERNAL_DOWNLOADS]: The `librarian` agent utilizes `gh repo clone` to fetch external repositories for analysis. This is documented as a core research function and targets a well-known service (GitHub).