skills/qverisai/qverisbot/oracle/Gen Agent Trust Hub

oracle

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @steipete/oracle package from the npm registry via its metadata configuration.
  • [REMOTE_CODE_EXECUTION]: Recommends running the utility with npx -y @steipete/oracle, which dynamically fetches and executes code from a remote package registry.
  • [COMMAND_EXECUTION]: Provides instructions for the agent to execute shell commands using the oracle binary to process files, manage sessions, and interact with AI models.
  • [DATA_EXFILTRATION]: The core purpose of the tool is to send file contents to external model providers (API or browser automation). The skill provides safety advice to ensure users do not include secrets or environment variables in the context.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface as it processes untrusted files from local repositories.
      • Ingestion points: File contents targeted by the --file globbing patterns.
      • Boundary markers: The tool respects .gitignore and ignores common sensitive/build directories by default.
      • Capability inventory: Reads local files and performs network operations to transmit data to LLMs.
      • Sanitization: Relies on documentation-based safety warnings and manual redaction of sensitive data.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 6, 2026, 01:23 AM