ohmg
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to run 'bunx oh-my-ag', which downloads a package from the npm registry. This package does not belong to a trusted organization or well-known service provider.
- [REMOTE_CODE_EXECUTION]: By using 'bunx', the skill facilitates the execution of remote code for setup and agent management tasks without verifying the integrity of the downloaded package.
- [COMMAND_EXECUTION]: The skill uses the 'Bash' tool to execute orchestration commands and spawn agent processes, which could be leveraged by a malicious external package.
- [PROMPT_INJECTION]: The orchestration architecture relies on shared state in the '.serena/memories/' directory, creating an attack surface for indirect prompt injection. Ingestion points: Structured state files in '.serena/memories/'. Boundary markers: No delimiters or isolation instructions are implemented. Capability inventory: Use of Bash, Write, and Read tools across the agent framework. Sanitization: There is no evidence of sanitization or validation of data retrieved from shared memory.
Audit Metadata