oracle
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill invokes `npx -y @steipete/oracle`, which downloads and executes code from the npm registry. The package owner is not a trusted source, creating a risk of supply chain attack or execution of unvetted code.
- [COMMAND_EXECUTION] (HIGH): By using `npx`, the skill executes arbitrary code on the host system to perform its analysis and server tasks.
- [DATA_EXFILTRATION] (MEDIUM): The core functionality involves reading local files (via globs like `src/**`) and transmitting them to external LLM providers (OpenAI, Google). While intended, this creates a high risk of sensitive data exposure if used without strict constraints.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection. Malicious instructions inside files being bundled could manipulate the secondary model's response. Evidence:
  1. Ingestion: local files via `--file`
  2. Boundaries: absent
  3. Capabilities: network send / file read
  4. Sanitization: absent
Recommendations
- AI detected serious security threats
Audit Metadata