oracle
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's metadata triggers the automatic installation of the Node.js package `@steipete/oracle` from the NPM registry. This package originates from an author not identified in the trusted vendors list.
- [COMMAND_EXECUTION]: The documentation encourages the use of `npx -y @steipete/oracle --help`, which downloads and executes remote code at runtime.
- [PROMPT_INJECTION]: The skill facilitates the bundling of local repository files into prompts sent to external LLMs, which constitutes an indirect prompt injection surface (Category 8).
  - Ingestion points: Local file content gathered via the `--file` flag as described in `SKILL.md`.
  - Boundary markers: The skill documentation does not mention the use of delimiters or 'ignore' instructions to prevent the model from obeying instructions found within the attached files.
  - Capability inventory: The CLI performs network operations to send bundled data to remote engines (OpenAI, browser-based models).
  - Sanitization: No evidence of sanitization or validation of the file contents before bundling is provided.
Audit Metadata