oracle
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill metadata specifies the installation of the @steipete/oracle package from the npm registry, which is a verified and whitelisted domain for software distribution.
- [COMMAND_EXECUTION]: The skill documentation details the use of the oracle CLI, which performs extensive local file system reads and manages session state in ~/.oracle/sessions. It also describes features for setting up a remote browser host that listens on a network port.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of local file content into LLM prompts, presenting a risk of indirect prompt injection.
  - Ingestion points: Local files and directories are ingested via the --file flag as described in the SKILL.md usage examples.
  - Boundary markers: No specific delimiters or safety instructions are provided within the skill to isolate ingested file content from the AI's primary instructions.
  - Capability inventory: The oracle tool is capable of reading any file content accessible to the current user and transmitting it to external AI services via API or browser automation.
  - Sanitization: The documentation does not specify any sanitization or validation of the ingested file content prior to it being sent to the LLM.
Audit Metadata