Skills
skills/soul-brews-studio/arra-oracle-skills/oracle-family-scan/Snyk

oracle-family-scan

Warn

Audited by Snyk on Mar 31, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses user-generated GitHub content from the public Soul-Brews-Studio/arra-oracle-v3 repo (e.g., SKILL.md Step 2 "Research" using gh issue view and the scan.sh / scripts/fleet-scan.ts flows that read issue/discussion titles/bodies), and then uses that content to craft and post personalized welcome messages, so untrusted third-party text can directly influence agent actions and outputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill runs gh API/GraphQL calls and gh issue view against the GitHub repo Soul-Brews-Studio/arra-oracle-v3 (https://github.com/Soul-Brews-Studio/arra-oracle-v3) at runtime to fetch issue bodies that are injected into the welcome-generation flow, so remote content directly controls the AI prompts.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 31, 2026, 12:58 PM
Issues
2