ask
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs and executes shell commands using user-supplied input via the {{ARGUMENTS}} placeholder. Specifically, it calls `omc ask {{ARGUMENTS}}`. This pattern is vulnerable to command injection if the execution environment does not properly sanitize or escape shell metacharacters in the user input.
- [COMMAND_EXECUTION]: The skill executes version check commands (`claude --version`, `codex --version`, `gemini --version`) to verify the local environment's capabilities.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection or command injection because it interpolates untrusted data directly into a shell execution context.
  1. Ingestion points: User input provided through the {{ARGUMENTS}} parameter in SKILL.md.
  2. Boundary markers: Absent. The input is passed directly to the shell command wrapper without delimiters or instructions to ignore embedded commands.
  3. Capability inventory: Execution of local shell commands via `omc` and various CLI tools as defined in SKILL.md.
  4. Sanitization: Absent. The skill does not define any validation, escaping, or filtering of the user-provided arguments before execution.
Audit Metadata