about-oracle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md) explicitly runs GitHub queries and a fleet-scan script (e.g., "gh repo list Soul-Brews-Studio --limit 100 ..." and "gh issue view 60 --repo Soul-Brews-Studio/oracle-v2 ..." and "bun ... fleet-scan.ts"), which fetch public, user-generated GitHub content that the agent is expected to read and incorporate into its output, so untrusted third-party content could indirectly inject instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill runs a runtime GitHub fetch (gh issue view 60 --repo Soul-Brews-Studio/oracle-v2 --json body -q '.body' …) which pulls content from https://github.com/Soul-Brews-Studio/oracle-v2/issues/60 and injects that remote text into the skill output (used to build the family tree), so external GitHub content is fetched at runtime and can directly influence the agent's prompts/output.