oracle
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (MEDIUM): Intentional Data Bundling. The skill's core purpose is to aggregate repository content into a ZIP archive for external transmission. Although it utilizes 'assets/default_excludes.txt' to filter known secret patterns (e.g., .env, .pem, .key), this approach relies on user-controlled file selection and non-exhaustive glob patterns, which may lead to accidental exposure of intellectual property or non-standard credentials.
- [COMMAND_EXECUTION] (MEDIUM): Unverifiable Logic Execution. The skill executes 'scripts/oracle.py' via a shell wrapper, but the Python source code is not provided in the analyzed file set. This prevents verification of the script's internal logic, including whether it accesses sensitive files outside the specified scope or performs unauthorized network operations.
- [PROMPT_INJECTION] (LOW): Indirect Surface. The skill ingests untrusted repository data to generate instructions for an external 'expert' assistant. Malicious instructions embedded in repository files could be included in the generated 'prompt.md', potentially misleading the external assistant or causing it to provide harmful advice.
Audit Metadata