oracle
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill metadata includes an installation step for the '@steipete/oracle' package from the npm registry.
- [REMOTE_CODE_EXECUTION]: The documentation recommends using 'npx -y @steipete/oracle' to execute the tool directly from the public npm repository.
- [COMMAND_EXECUTION]: The skill provides instructions for running the 'oracle' CLI, which has the capability to read local files and perform network operations to communicate with AI engines via API or browser automation.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from local files into an LLM context, creating a surface for indirect prompt injection.
- Ingestion points: The --file flag in SKILL.md allows the aggregation of arbitrary files, directories, and globs from the workspace.
- Boundary markers: The tool honors .gitignore and excludes common build directories, though no explicit instructions for prompt boundary markers are provided in the guide.
- Capability inventory: The tool performs local file read operations and network requests to transmit bundled context to external AI providers (such as OpenAI and Gemini).
- Sanitization: The implementation includes default filters for sensitive directories (e.g., .git, node_modules) and restricts processing to files under 1MB.
- [SAFE]: No malicious patterns such as credential theft, obfuscation, or unauthorized data exfiltration were identified. The instructions include specific advice to avoid attaching secrets and sensitive keys to the tool's payloads.
Audit Metadata