oracle
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the
@steipete/oraclepackage from the public npm registry using standard Node.js package management patterns. - [COMMAND_EXECUTION]: The instructions provide multiple examples of shell commands, including
npx -y @steipete/oracleand variousoraclebinary invocations for dry-runs, file globbing, and starting a local server for remote browser automation. - [DATA_EXFILTRATION]: While the tool's core functionality involves sending local file content to external AI models (OpenAI/ChatGPT), the skill explicitly instructs the user to redact secrets and avoid attaching sensitive files like
.envor SSH keys. This is consistent with the intended purpose of the tool and includes appropriate safety warnings. - [PROMPT_INJECTION]: No malicious override or bypass patterns were detected. The instructions include a 'Prompt template' section that guides the user on how to provide high-quality context to the model without attempting to circumvent safety filters.
Audit Metadata