oracle

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill repeatedly invokes npx -y @steipete/oracle (which fetches and executes the @steipete/oracle package from npm at runtime — e.g. https://www.npmjs.com/package/@steipete/oracle), and that fetched code is responsible for assembling/sending prompts and executing the CLI logic, so it is an external runtime dependency that can execute remote code and control prompts.