oracle
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's installation metadata and usage examples reference the
@steipete/oraclepackage from the NPM registry. This involves downloading code from an external source that is not listed among established trusted vendors. - [COMMAND_EXECUTION]: The skill documents the execution of the
oraclebinary andnpx, including the use ofnpx -ywhich bypasses execution prompts. It also describes running a server (oracle serve) that binds to all network interfaces (0.0.0.0), which may expose the local service to the network. - [DATA_EXFILTRATION]: The tool's primary function is to collect local file data and transmit it to external AI models or browser-based chat interfaces. While the documentation provides cautionary advice regarding secrets, the automated bundling of repository context represents a data exposure surface.
- [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by design, as it enables the ingestion of arbitrary repository files into an LLM context.
- Ingestion points: Local project files and directories specified by the
--fileargument. - Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are included in the command patterns.
- Capability inventory: Local file system access, network communication with LLM APIs, and browser automation capabilities.
- Sanitization: No automated sanitization or filtering is described in the prompt patterns; the skill relies on manual user redaction.
Audit Metadata