Skills
skills/yeachan-heo/oh-my-claudecode/omc-teams/Gen Agent Trust Hub

omc-teams

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the omc CLI tool to orchestrate worker teams. It executes shell commands to start worker processes (omc team ...), monitor their status (omc team status), and manage their lifecycle (omc team shutdown). These actions are central to the skill's intended purpose of task orchestration.
  • [EXTERNAL_DOWNLOADS]: The skill identifies dependencies on several global NPM packages from trusted organizations: @anthropic-ai/claude-code (Anthropic), @openai/codex (OpenAI), and @google/gemini-cli (Google). These are legitimate tools provided by the respective AI platform vendors.
  • [PROMPT_INJECTION]: An indirect prompt injection surface exists as the skill interpolates user-provided task descriptions directly into CLI command arguments.
  • Ingestion points: The task parameter extracted from user instructions in SKILL.md.
  • Boundary markers: No explicit delimiters or boundary markers are used to isolate the task input.
  • Capability inventory: The skill possesses capability for shell command execution via the omc CLI tool.
  • Sanitization: No input validation or sanitization logic is defined for the user-supplied task description.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 08:57 PM