oracle
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the third-party @steipete/oracle package from the npm registry.
- [REMOTE_CODE_EXECUTION]: The skill suggests running npx -y @steipete/oracle, which downloads and executes code from a remote registry without prior verification.
- [COMMAND_EXECUTION]: The skill relies on the oracle CLI binary for its core functionality, including dry runs, session management, and file processing.
- [DATA_EXFILTRATION]: The skill is designed to bundle local source code and send it to external AI engines or browser automation tools. It also provides a server mode (oracle serve) that can expose the tool's functionality and session data to the network via the 0.0.0.0 interface.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to its data ingestion capabilities.
  * Ingestion points: Local files and directories specified through the --file flag.
  * Boundary markers: No specific markers are defined to isolate untrusted file content from system instructions.
  * Capability inventory: Network requests to external LLM providers and subprocess execution of CLI tools.
  * Sanitization: There is no evidence of content sanitization or escaping for the files being processed.
Audit Metadata