The Agent Skills Directory

[EXTERNAL_DOWNLOADS] (MEDIUM): The skill utilizes npx -y @steipete/oracle to download and execute code from the NPM registry. The package author (@steipete) is not a recognized trusted source, and the -y flag bypasses user confirmation for installation.
[REMOTE_CODE_EXECUTION] (HIGH): The use of npx -y constitutes a 'download then execute' pattern. This allows arbitrary code from the internet to run with the user's local privileges, a primary vector for supply chain attacks.
[DATA_EXFILTRATION] (HIGH): The primary purpose of the skill is to read local files and send them to external AI models (API or browser). While the instructions advise against including secrets, the underlying capability allows for the exfiltration of sensitive files (e.g., .env, ~/.ssh/id_rsa) if glob patterns are modified.
[COMMAND_EXECUTION] (HIGH): The skill invokes subprocesses via npx and includes capabilities for starting local network servers (oracle serve --host 0.0.0.0), which could be used to expose local services or maintain persistence.
[DATA_EXPOSURE] (HIGH): (Category 8) The skill acts as an ingestion surface for untrusted local data (codebase files). It lacks explicit boundary markers or sanitization, meaning malicious instructions embedded in processed files could influence the 'second-model' review, potentially resulting in harmful advice or indirect prompt injection if the output is used to automate further actions.

oracle