Dev Workflow - Monorepo Task Automation Specialist

Name: oh-my-agent/oma-dev-workflow
Author: first-fluke

View on GitHub↗

Share on X Share on LinkedIn Share on Bluesky

100Critical

The skill installs `mise` via `curl |

ThreatsCI SM CS BC S HITL

Behavior Analysis

Mismatch detected — The skill's stated purpose is to act as a 'Monorepo Task Automation Specialist' capable of running development servers, executing lint/format/typecheck, managing migrations, etc. However, the actual content is purely descriptive, providing guidelines, syntax, and troubleshooting steps for using the `mise` tool. It does not contain any executable code or mechanisms to perform these automation tasks itself; it only explains how a user *could* perform them using `mise`.

Claims to do

Dev Workflow - Monorepo Task Automation Specialist: - Running development servers for monorepo with multiple applications - Executing lint, format, typecheck across multiple apps in parallel - Managing database migrations and schema changes - Generating API clients or code from schemas - Building internationalization (i18n) files - Executing production builds and deployment preparation - Running parallel tasks in monorepo context - Setting up pre-commit validation workflows - Troubleshooting mise task failures or configuration issues - Optimizing CI/CD pipelines with mise

Actually does

This skill describes how to use the `mise` tool for monorepo development workflows. It provides instructions for installing `mise` via `curl https://mise.run`, configuring it, and running various `mise` commands like `mise run`, `mise install`, `mise list`, `mise tasks --all`, `mise config`, and `mise doctor`. It also suggests using `lsof` for troubleshooting port conflicts. The skill references local markdown files for additional resources.

Threat Analysis

AI Agent Traps ↗Scanned 4/15/2026

Content InjectionPerception2 findings

Semantic ManipulationReasoning1 finding

Cognitive StateMemory & Learning1 finding

Behavioural ControlAction4 findings

SystemicMulti-Agent Dynamics2 findings

Human-in-the-LoopHuman Overseerclean

Skill Info

Namefirst-fluke/oh-my-agent/oma-dev-workflow

Registrygithub

Versionfaec2c98d24e

PURLpkg:github/first-fluke/oh-my-agent@faec2c98d24e?skill=oma-dev-workflow

Stars637

Source

Repository ↗SKILL.md ↗

SHA-256e16fd0f9f33c...

SHA-1edd6e55dc3c2...

MD5e24d030379dd...

TLSH36f1a7871c00...

ssdeep192:0OJmra8b...

Size8,119 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

GitHub

https://github.com/first-fluke/oh-my-agent/tree/main/skills/oma-dev-workflow

Claude CodeDocs

/plugin marketplace add first-fluke/oh-my-agent

/plugin install oma-dev-workflow@first-fluke/oh-my-agent

Skills.shDocs

npx skills add https://github.com/first-fluke/oh-my-agent --skill oma-dev-workflow

Assessments (5)

AI Agent Traps ↗

Remote code download and execution detectedcriticalcommand execution

Remote code download and execution detected

100% confidenceline 61

curl https://mise.run | sh

Shell profile or autostart persistence — modifies startup files or registry run keys for persistent executionhighpersistence

Shell profile or autostart persistence — modifies startup files or registry run keys for persistent execution

100% confidenceline 64

echo 'eval "$(~/.local/bin/mise activate)"' >> ~/.zshrc

Remote Code Execution & Persistence via Installation Scriptcriticalcommand execution

The skill instructs the agent to install `mise` by piping `curl` output directly to `sh`, executing arbitrary code from an external URL. This is a significant supply chain risk. Additionally, it modifies the user's shell configuration (`.zshrc`) to activate `mise`, establishing persistence.

100% confidenceline 62

curl https://mise.run | sh
echo 'eval "$(~/.local/bin/mise activate)"' >> ~/.zshrc

Dynamic External Protocol Loading with Path Traversal Riskhighdata exfiltration

The skill indicates that 'Vendor-specific execution protocols are injected automatically' from `../_shared/runtime/execution-protocols/{vendor}.md`. If the `{vendor}` variable is user-controlled or not properly sanitized, this could lead to path traversal, allowing the agent to read arbitrary files (data exfiltration) or potentially execute code if the markdown parser is vulnerable.

90% confidenceline 170

Source files live under ../_shared/runtime/execution-protocols/{vendor}.md

Pipe to Shell Install Patternlowcommand execution

The skill instructs execution of `curl https://mise.run | sh`, a well-known risky pattern that pipes a remote script directly into a shell. If the mise.run domain is compromised or the agent is operating in a context where this URL is substituted, arbitrary code could be executed on the host system.

55% confidenceline 82

# Install mise
curl https://mise.run | sh

Description Mismatchhighdescription mismatch

The skill's stated purpose is to act as a 'Monorepo Task Automation Specialist' capable of running development servers, executing lint/format/typecheck, managing migrations, etc. However, the actual content is purely descriptive, providing guidelines, syntax, and troubleshooting steps for using the `mise` tool. It does not contain any executable code or mechanisms to perform these automation tasks itself; it only explains how a user *could* perform them using `mise`.

85% confidence

The entire skill content consists of markdown text, rules, guidelines, and examples of `mise` commands, but no actual executable functions or scripts that the AI would run. It's a knowledge base, not an active agent.

Execution Protocol Injected via External Fileshighprompt injection

The skill references external files for 'vendor-specific execution protocols' that are 'injected automatically' at runtime. This pattern allows attacker-controlled content from external files to modify agent behaviour without the skill author or reviewer being able to inspect the injected instructions. The phrase 'injected automatically' is particularly concerning as it implies the agent will silently incorporate external content into its operating context.

82% confidenceline 193

Execution Protocol (CLI Mode)

Vendor-specific execution protocols are injected automatically by `oma agent:spawn`.
Source files live under `../_shared/runtime/execution-protocols/{vendor}.md`.

External Shared Core Files Referenced Without Validationmediumprompt injection

The skill references external shared files via relative paths (`../_shared/core/clarification-protocol.md`, `../_shared/core/difficulty-guide.md`). If these files are attacker-controlled or compromised, they could inject malicious instructions into the agent's context. The use of `../` traversal paths to shared directories increases the attack surface for supply chain or path-traversal-based injection.

65% confidenceline 199

- Clarification: `../_shared/core/clarification-protocol.md`
- Difficulty assessment: `../_shared/core/difficulty-guide.md`

RAG Poisoning via External Knowledge Base Referencesmediumrag poisoning

The skill references several local markdown files (e.g., `resources/*.md`, `../_shared/core/*.md`) as knowledge sources. If these external files are compromised or contain malicious instructions, they could poison the agent's RAG or knowledge base, influencing its future reasoning and actions.

90% confidenceline 112

resources/validation-pipeline.md
../_shared/core/clarification-protocol.md

Sub-Agent Spawning via oma agent:spawnmediumsub agent spawning

The skill references `oma agent:spawn` as the mechanism for injecting execution protocols. This indicates the skill interacts with a sub-agent spawning system. If the spawned agents receive attacker-controlled execution protocol files, this could propagate malicious instructions across multiple agents in a cascading fashion.

70% confidenceline 230

Vendor-specific execution protocols are injected automatically by `oma agent:spawn`.

Background Process Execution Without Oversightlowautonomy abuse

The skill instructs the agent to start development servers in the background using shell job control (`&` and `wait`). While common in dev workflows, instructing an agent to spawn background processes reduces human visibility into what processes are running and could be abused to launch persistent background tasks without user awareness.

30% confidenceline 132

# Start dev servers in background
mise run //apps/api:dev &
mise run //apps/web:dev &
wait

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/github/first-fluke/oh-my-agent/oma-dev-workflow.svg)](https://mondoo.com/ai-agent-security/skills/github/first-fluke/oh-my-agent/oma-dev-workflow)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/github/first-fluke/oh-my-agent/oma-dev-workflow"><img src="https://mondoo.com/ai-agent-security/api/badge/github/first-fluke/oh-my-agent/oma-dev-workflow.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/github/first-fluke/oh-my-agent/oma-dev-workflow.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow