oasis-setup
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [External Downloads] (LOW): The skill instructs the installation of the
oasis-sdkpackage. As 'Oasis' is not on the predefined list of trusted organizations, this is technically an unverifiable dependency installation; however, the risk is lowered as it is the primary stated purpose of the skill. - [Indirect Prompt Injection] (LOW): The skill relies on reading external reference files which serve as the primary source of instructions for the agent, creating a surface for potential instruction injection if those files are compromised.
- Ingestion points:
references/integration-guide.md,sdk/src/index.ts,sdk/src/types.ts. - Boundary markers: Absent. The agent is directed to read and follow the full guide without explicit delimiters or safety constraints on the content within those files.
- Capability inventory: Node.js package installation (
npm install), file modification (tauri.conf.json), and GitHub Actions workflow creation (tauri-release.yml). - Sanitization: Absent. The instructions do not specify validation or sanitization of the content extracted from the reference files.
Audit Metadata