oracle
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill identifies the installation of the @steipete/oracle package from the npm registry as a prerequisite for usage.
- [COMMAND_EXECUTION]: The skill documents various command-line patterns for the oracle tool, including dry runs, session management, and remote browser hosting.
- [DATA_EXFILTRATION]: The tool is designed to transmit local repository content to external LLM services; this is documented as the primary function, and the skill includes explicit advice to avoid including secrets or sensitive files.
- [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection by processing untrusted data from the local file system. 1. Ingestion points: Local files specified via the --file flag in SKILL.md. 2. Boundary markers: None mentioned. 3. Capability inventory: Bundled content is sent to external LLM providers. 4. Sanitization: Manual redaction of sensitive data is recommended.
Audit Metadata