Skills
skills/yeachan-heo/oh-my-claudecode/cancel/Gen Agent Trust Hub

cancel

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill generates and executes shell scripts to perform environment cleanup and state management.
  • Uses rm -f to delete session-scoped and legacy state files within the .omc/state/ directory and user home directory.
  • Executes tmux kill-session and kill commands to stop background agent processes and workers.
  • Performs directory traversal via find and git commands to resolve state paths and locate active team configurations.
  • Includes an embedded Python one-liner (`python3
  • <<'PY' ...) to calculate future UTC timestamps for cancellation signals when local date` commands lack offset support.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and acting upon external configuration data and process lists.
  • Ingestion points: Reads team configuration files (config.json) and system process lists (ps aux) to determine targets for termination.
  • Boundary markers: None explicitly used; the skill parses data directly to find member names and process identifiers.
  • Capability inventory: Includes file system modification (rm), process termination (kill, tmux), and communication tools (SendMessage).
  • Sanitization: Uses sed to sanitize the project directory name for path construction, but relies on potentially untrusted data for other logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 08:42 AM