Oracle InfoGenius

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where user-provided topics or services are directly inserted into prompts for image generation and web searches.
      • Ingestion points: User-supplied variables in SKILL.md.
      • Boundary markers: None identified; user input is not delimited or labeled as untrusted data.
      • Capability inventory: The skill utilizes WebSearch and the mcp__nanobanana__generate_image tool, and defines a specific local file output directory.
      • Sanitization: No validation, escaping, or sanitization logic is present for the interpolated user input.
  • [COMMAND_EXECUTION]: The skill invokes custom MCP tools to execute its generation pipeline.
      • Evidence: Tool calls to WebSearch and mcp__nanobanana__generate_image are used to perform the core functions of the skill.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 01:21 PM