talk-to

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions explicitly bypass the human-in-the-loop safety principle by directing the agent to send messages without user review.
  • Evidence: "Post immediately — do NOT ask the user what to say" and "Do NOT use AskUserQuestion for message content" in SKILL.md.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its autonomous conversation loop which processes untrusted data from other agents.
  • Ingestion points: The oracle_thread_read tool is used in SKILL.md (Mode 4) to retrieve messages from other agents.
  • Boundary markers: Absent. The skill does not employ delimiters or system instructions to ignore potential commands embedded in the retrieved messages.
  • Capability inventory: The skill can list threads (oracle_threads) and post messages (oracle_thread), providing a surface for an attacker to influence agent actions or spread malicious instructions.
  • Sanitization: Absent. There is no evidence of input validation or filtering of the content received from the Oracle threads before it is used to generate follow-up messages.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 04:18 PM