omc
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs a plugin directly from a personal GitHub repository (https://github.com/Yeachan-Heo/oh-my-claudecode), which does not belong to a verified or trusted organization.
- [REMOTE_CODE_EXECUTION]: Instructs the user to install a global NPM package 'oh-my-claude-sisyphus'.
  - The package name does not match the skill name ('oh-my-claudecode').
  - The package originates from an unknown source, posing a risk of executing unverified code.
- [COMMAND_EXECUTION]: Utilizes high-privilege tools including 'Bash' and 'Edit' to perform system-level tasks.
  - Runs a setup command '/omc:omc-setup'.
  - Initiates a background daemon ('omc wait --start') for auto-resuming sessions, which establishes persistence on the host.
- [PROMPT_INJECTION]: As a multi-agent orchestration layer, the skill is susceptible to indirect prompt injection.
  - Ingestion points: Processes user-provided tasks and potentially external code/data through the 'team' and 'autopilot' modes in 'SKILL.md'.
  - Boundary markers: No explicit delimiters or instructions are provided to sub-agents to ignore potential instructions embedded in the content being processed.
  - Capability inventory: The skill has access to 'Bash', 'Write', and 'Edit' tools, allowing for significant system impact if an injection occurs.
  - Sanitization: No evidence of input sanitization or validation is visible in the provided instruction files.
- [CREDENTIALS_UNSAFE]: Provides commands to configure notifications ('omc config-stop-callback') which require users to input sensitive information such as Telegram bot tokens and Discord webhooks.