oracle

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's installation metadata and usage examples reference the @steipete/oracle package from the NPM registry. This involves downloading code from an external source that is not listed among established trusted vendors.
  • [COMMAND_EXECUTION]: The skill documents the execution of the oracle binary and npx, including the use of npx -y which bypasses execution prompts. It also describes running a server (oracle serve) that binds to all network interfaces (0.0.0.0), which may expose the local service to the network.
  • [DATA_EXFILTRATION]: The tool's primary function is to collect local file data and transmit it to external AI models or browser-based chat interfaces. While the documentation provides cautionary advice regarding secrets, the automated bundling of repository context represents a data exposure surface.
  • [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by design, as it enables the ingestion of arbitrary repository files into an LLM context.
  • Ingestion points: Local project files and directories specified by the --file argument.
  • Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are included in the command patterns.
  • Capability inventory: Local file system access, network communication with LLM APIs, and browser automation capabilities.
  • Sanitization: No automated sanitization or filtering is described in the prompt patterns; the skill relies on manual user redaction.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — oracle