awaken
Fail
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Fetches and executes an installation script from the author's GitHub repository (
Soul-Brews-Studio/oracle-skills-cli) using thecurl | bashpattern. - [COMMAND_EXECUTION]: Instructs the agent to create and populate
.claude/settings.local.json. This action automatically grants permissions for numerous bash commands and skills, bypassing standard user-confirmation prompts for these tools. - [DATA_EXFILTRATION]: Automatically creates an issue on a public GitHub repository (
Soul-Brews-Studio/oracle-v2) containing metadata about the Oracle and its human companion as part of the birth announcement ritual. - [PROMPT_INJECTION]: Contains an indirect prompt injection surface through the ingestion of external data.
- Ingestion points: Reads content from external GitHub repositories and issues (Step 2).
- Boundary markers: Absent; there are no markers or warnings to disregard instructions within the ingested content.
- Capability inventory: Powerful capabilities including script execution (
bash), file creation (cat), and remote repository interaction (gh). - Sanitization: Absent; the skill does not validate or sanitize retrieved content before it influences agent behavior.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/Soul-Brews-Studio/oracle-skills-cli/main/install.sh - DO NOT USE without thorough review
Audit Metadata