oracle-family-scan

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface identified in the 'welcome' workflow (Mode 9).
  • Ingestion points: The skill retrieves untrusted data from GitHub issue titles and bodies via gh issue view from the Soul-Brews-Studio/oracle-v2 repository (SKILL.md).
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are documented as being used when interpolating this external data into the AI's processing context.
  • Capability inventory: The skill has the capability to write to the external repository using gh issue comment (SKILL.md) and execute local scripts via bun (fleet-scan.ts).
  • Sanitization: There is no evidence of content filtering or sanitization for the retrieved issue data prior to use in prompt generation.
  • Mitigation: The skill incorporates a human-in-the-loop review step where drafts are saved for approval before the final comment is posted to GitHub.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 06:40 AM