about-oracle

Warn

Audited by Snyk on Mar 26, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch and ingest public, user-generated GitHub content (e.g., gh repo list Soul-Brews-Studio ... and gh issue view 60 --repo Soul-Brews-Studio/arra-oracle-v3 ... and the fleet-scan/issue-fetch flows) and to use that live data to build the family tree/stats and narrative, so untrusted third-party content is read and can influence the skill's outputs/behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill runs GitHub CLI commands at runtime that fetch issue/body content from the remote repo Soul-Brews-Studio/arra-oracle-v3 (e.g., "gh issue view 60 --repo Soul-Brews-Studio/arra-oracle-v3"), and that fetched text is injected into the agent's output/context for the family/scan flows, so external content can directly control the agent's responses.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 26, 2026, 02:42 AM
Issues: 2