Oh My OpenAgent

Agent Orchestration

Oh My OpenAgent brings powerful multi-agent orchestration to OpenCode, but critical unpatched vulnerabilities and dangerous defaults make it unsafe for trusted environments.

Significant risks — not recommended for production or any use case involving personal data. See the Recommendations & Guidance tab below.

Score Summary

Claim Accuracy: 2/5
Data & Privacy: 3/5
Security Posture: 1/5
Transparency: 2/5

Key Findings

The interactive_bash tool contains an unpatched vulnerability allowing arbitrary command execution in any Tmux session, which can be exploited via prompt injection from malicious repositories.

The maintainer has previously dismissed security reports concerning excessive permissions as 'working as designed,' indicating a concerning security response posture.

Anonymous telemetry via PostHog is enabled by default and collects hashed hostnames and error diagnostics, requiring an explicit environment variable to opt out.

Marketing claims of complete agent autonomy are contradicted by known bugs, such as agents successfully bypassing task loops without actually executing the required work.

The disabled_tools configuration is parsed but ignored by the system, leaving supposedly restricted tools fully functional.
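The disabled_tools finding above, as an added example that is not the project's code: a minimal tool dispatcher in which the disabled list is parsed but never consulted, beside one that enforces it, plus the regression check a reviewer would want, which reports every supposedly disabled tool that still runs. The config shape, tool names and function names are assumptions, not Oh My OpenAgent's API.

```javascript
// Constructed sample config in the shape the finding describes (assumed shape).
const SAMPLE_CONFIG = { disabled_tools: ["interactive_bash"] };

// Constructed tool table. Nothing here executes a shell; each tool only
// returns a string describing what a real tool would have done.
const TOOLS = {
  read_file: (args) => `read:${args.path ?? "(none)"}`,
  interactive_bash: (args) => `simulated shell call: ${args.cmd ?? "(none)"}`,
};

// Parse disabled_tools into a Set. Parsing succeeds whether or not any
// later step ever consults the result.
function parseDisabledTools(config) {
  const list = Array.isArray(config.disabled_tools) ? config.disabled_tools : [];
  return new Set(list.map(String));
}

// Failure mode: the list is parsed, then dropped on the floor. Dispatch never
// looks at it, so a "disabled" tool is still fully callable.
function dispatchIgnoringConfig(config, name, args) {
  parseDisabledTools(config); // parsed, never used
  const tool = TOOLS[name];
  if (!tool) throw new Error(`unknown tool: ${name}`);
  return { allowed: true, result: tool(args) };
}

// Enforced version: the config check runs before the tool does, and the
// refusal is returned as data so callers and logs can see it.
function dispatchEnforcing(config, name, args) {
  const disabled = parseDisabledTools(config);
  if (disabled.has(name)) {
    return { allowed: false, result: null, reason: `tool "${name}" disabled by config` };
  }
  const tool = TOOLS[name];
  if (!tool) throw new Error(`unknown tool: ${name}`);
  return { allowed: true, result: tool(args) };
}

// Regression check: every registered name in disabled_tools must be refused.
// Returns the names that were still allowed to run (empty when enforced).
function findUnenforcedTools(config, dispatch) {
  const leaks = [];
  for (const name of parseDisabledTools(config)) {
    if (!(name in TOOLS)) continue; // unknown names are a config typo, not a leak
    const outcome = dispatch(config, name, {});
    if (outcome.allowed) leaks.push(name);
  }
  return leaks;
}
```

Running findUnenforcedTools against the real dispatcher is the check that would have caught this finding in CI rather than in a review.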