oracle-family-scan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and parses public GitHub issues and comments (see scan.sh and scripts/fleet-scan.ts using the gh CLI and SKILL.md "welcome" / "sync" steps that run gh api/gh issue view against Soul-Brews-Studio/oracle-v2), then instructs the agent to read those issue bodies to craft AI-driven personalized welcome messages—meaning untrusted, user-generated third-party content is interpreted and can directly influence actions like posting comments.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs gh/gh api calls at runtime to fetch GitHub issue content (e.g., "gh api 'repos/Soul-Brews-Studio/oracle-v2/issues?state=all&per_page=100'" and "gh issue view {N} --repo Soul-Brews-Studio/oracle-v2 --json title,body,author,createdAt"), and those fetched issue bodies are injected/used to generate AI-driven personalized welcome messages, meaning external content from the Soul-Brews-Studio/oracle-v2 repo directly controls agent prompts.