oracle
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill metadata specifies the installation of the `@steipete/oracle` package from the NPM registry.
- [COMMAND_EXECUTION]: The documentation provides instructions for running the `oracle` CLI and `npx` commands to bundle files, manage sessions, and interact with AI models.
- [COMMAND_EXECUTION]: Includes instructions for starting a remote server using `oracle serve`, which opens a network listener on the host machine.
- [DATA_EXFILTRATION]: The tool's core functionality is to transmit local file content to external AI services. The documentation explicitly advises users to exclude sensitive files like `.env` and authentication tokens.
- [PROMPT_INJECTION]: This skill presents an indirect prompt injection surface as it ingests untrusted local files via the `--file` parameter (File: SKILL.md). No boundary markers or sanitization methods are documented to mitigate instructions embedded in processed files. The skill has capabilities to perform network operations and execute CLI commands.
Audit Metadata