skills/steipete/clawdis/oracle/Gen Agent Trust Hub

oracle

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill configuration installs the @steipete/oracle package via Node.js. This author/organization is not on the trusted list, making the dependency unverifiable via automated trust rules.
  • COMMAND_EXECUTION (LOW): The skill documentation instructs the agent to execute the oracle binary and use npx to run remote packages locally, which constitutes executing code on the host machine.
  • PROMPT_INJECTION (LOW): The skill is designed to ingest local files and provide them as context to an LLM, creating an indirect prompt injection vulnerability.
      1. Ingestion points: Local files and directories specified via the --file flag.
      2. Boundary markers: The documentation does not specify the use of delimiters or 'ignore' instructions to isolate file content.
      3. Capability inventory: The tool bundles and transmits data to external LLM providers (OpenAI/Gemini).
      4. Sanitization: No automated sanitization is present; the skill relies on manual user redaction of secrets.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 05:46 PM