oracle
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install and run the '@steipete/oracle' package from the public npm registry using 'npx' or standard package managers.
- [PROMPT_INJECTION]: The skill documents an attack surface for indirect prompt injection because the 'oracle' tool ingests untrusted data from the local file system to include in model prompts.
  - Ingestion points: Local files specified via the '--file' flag and user-provided prompts via '-p'.
  - Boundary markers: No specific delimiters or markers are mentioned in the command examples to isolate file content from instructions.
  - Capability inventory: The tool performs file system reads and makes network requests to external AI providers (e.g., OpenAI, Google) and optionally to remote browser hosts.
  - Sanitization: The documentation includes a 'Safety' advisory suggesting manual redaction of secrets, but there is no evidence of automated content sanitization.
Audit Metadata