oracle-soul-sync-update

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches version/tags from a public GitHub API (Step 2: curl https://api.github.com/repos/Soul-Brews-Studio/oracle-skills-cli/tags and the gh API/release commands) and then uses that untrusted, user-generated remote content to decide which version to install, so third-party content can directly influence tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs runtime commands that fetch and install remote code from the GitHub package reference (oracle-skills@github:Soul-Brews-Studio/oracle-skills-cli, e.g. via ~/.bun/bin/bunx --bun oracle-skills@github:Soul-Brews-Studio/oracle-skills-cli#$LATEST), which executes remote code and is required for the sync, so it directly controls agent behavior and poses risk.