skills/acedergren/agentic-tools/oci/Gen Agent Trust Hub

oci

Warn

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Runtime compilation and process injection. * Script: oci-pptx/scripts/office/soffice.py. * Evidence: The script writes C source code to a temporary file, compiles it into a shared library using gcc, and injects it into a subprocess via LD_PRELOAD to intercept system calls like socket and listen.
  • [COMMAND_EXECUTION]: Administrative database modification script. * Script: oracle-dba/references/security-remediation.sql. * Evidence: The script contains logic to perform extensive security hardening, such as revoking system privileges (ALTER SYSTEM), locking inactive user accounts, and modifying password profiles across the database.
  • [REMOTE_CODE_EXECUTION]: Remote script execution patterns in documentation. * File: oracle-dba/references/oci-cli.md. * Evidence: The documentation includes a bash command to download and execute an installation script from a remote server (curl | bash).
  • [EXTERNAL_DOWNLOADS]: Installation of external dependencies from public registries. * Files: oci-pptx/README.md, oracle-dba/references/mcp-tools.md. * Evidence: Instructions for installing packages via pip and npm, as well as cloning external repositories from GitHub.
  • [PROMPT_INJECTION]: Vulnerability surface for indirect prompt injection. * Ingestion Points: oci-pptx/scripts/office/unpack.py extracts XML content from PowerPoint files; fastify-better-auth-bridge resolution of headers. * Boundary Markers: Absent in data interpolation points. * Capability Inventory: Includes system command execution and administrative SQL capabilities. * Sanitization: Focuses on structural validation rather than filtering of embedded natural language instructions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 22, 2026, 02:15 AM
Security Audit — agent-trust-hub — oci