oracle-idcs-org-provisioning
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to provide an instructional framework and diagnostic scripts for identity management configuration. All logic is contained within local scripts.
- [DATA_EXPOSURE]: The configuration parameters defined in
.env.examplerelate to IAM group names and organization mappings. No hardcoded credentials, API keys, or private tokens were detected in the codebase. - [COMMAND_EXECUTION]: While the skill includes Node.js scripts, they are designed for data transformation and logging. They do not invoke system shells, execute arbitrary code, or interact with external APIs.
- [INDIRECT_PROMPT_INJECTION]: The scripts
preview-group-role-mapping.jsandverify-org-resolution.jsprocess command-line arguments. This represents an ingestion point for untrusted data; however, the impact is isolated to local console output with no downstream side effects or dangerous execution capabilities.
Audit Metadata