Skills
skills/harivansh-afk/claude-code-vertical/oracle/Gen Agent Trust Hub

oracle

Warn

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install and run an external package @steipete/oracle using npm install -g and npx. This package is a third-party dependency not included in the platform's trusted vendor list.
  • [COMMAND_EXECUTION]: The skill uses shell commands to interact with the system, including creating temporary files (/tmp/oracle-prompt.txt), executing the Oracle CLI tool with various flags, and reading local files like plan.md.
  • [DATA_EXFILTRATION]: The primary function of the @steipete/oracle tool is to bundle codebase files (matching patterns like src/**, prisma/**, and convex/**) and transmit them to a remote AI engine (referenced as gpt-5.2-codex) for analysis. This represents a transfer of potentially sensitive intellectual property to an external service.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 3, 2026, 11:04 AM