oracle
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill relies on the execution of the `codex` CLI tool, which is not a standard system utility or a recognized tool from trusted AI organizations. Running unverified binaries or scripts via `codex exec` poses a risk of unauthorized command execution.
- DATA_EXFILTRATION (MEDIUM): The core functionality involves transmitting local file content to an external "oracle" service. The documentation specifically suggests sending sensitive files like `@src/auth/jwt.ts` and `@src/api/update.ts`, which increases the risk of leaking credentials or security-critical logic.
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it is designed to ingest and reason over untrusted data (source code).
  - Ingestion points: Local source code files referenced using the `@` syntax in `SKILL.md` examples.
  - Boundary markers: Absent. There are no instructions to the model to ignore embedded commands within the analyzed files.
  - Capability inventory: The skill has the capability to execute shell commands (`codex exec`).
  - Sanitization: None detected. File content appears to be passed directly to the remote service without filtering or escaping.
Audit Metadata