note
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is vulnerable to Indirect Prompt Injection. Content saved via the note command is automatically re-injected into the agent context in future sessions.
- Ingestion points: The content parameter in the
/oh-my-claudecode:notecommand. - Boundary markers: Absent. There are no mentions of delimiters or instructions to ignore embedded commands when loading the .omc/notepad.md file.
- Capability inventory: The skill reads from and writes to the local file system.
- Sanitization: Absent. The skill appends raw content to the markdown file and later re-injects it without filtering.
Audit Metadata