consult-oracle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill automates a browser to fetch and consume responses from an external ChatGPT site (chatgptUrl in ~/.turbo/config.json) via scripts/run_oracle.py (and validates via scripts/refresh_cookies.py hitting https://chatgpt.com/api/auth/session), and those oracle responses (written to .turbo/oracle/.txt) are explicitly read and used to guide next actions, so untrusted third-party content can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). High-confidence: scripts/run_oracle.py runs "npx -y @steipete/oracle" at runtime which downloads and executes remote code from the npm package (https://www.npmjs.com/package/@steipete/oracle) that is responsible for driving the ChatGPT/browser automation and therefore directly controls prompts/instructions and is a required runtime dependency.