second-opinion
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE; EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to download and run the `@steipete/oracle` utility directly from the NPM registry using `npx`. This tool is used to automate the process of sending code to LLMs for review.
- [COMMAND_EXECUTION]: Provides specific shell commands to execute the Oracle CLI tool. These commands include flags for file selection (glob patterns) and model selection, allowing the agent to perform complex analysis on the local codebase.
- [PROMPT_INJECTION]: The skill is designed to process external code files which creates a surface for Indirect Prompt Injection. However, the risk is inherent to the skill's function and is mitigated by the provided best practices.
  - Ingestion points: Local source files and configuration files (e.g., `src/**`, `package.json`) targeted by the CLI commands.
  - Boundary markers: Relies on the external CLI tool for data handling; the prompt templates use standard Markdown headers to separate sections.
  - Capability inventory: The skill utilizes `Read`, `Grep`, and `Glob` tools for file access, alongside the ability to execute the external reviewer tool.
  - Sanitization: No programmatic sanitization is defined, but the skill includes a 'DON'T' section explicitly warning users not to include sensitive information like keys or credentials.
Audit Metadata