oracle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill automates a browser to load a configurable chatgptUrl (see SKILL.md Step 4 and scripts/run_oracle.py) and consumes the external ChatGPT/custom-GPT responses as actionable guidance (run/evaluate the oracle and apply findings), so untrusted third-party content served from that URL can indirectly inject instructions into the agent's workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The run_oracle.py script invokes npx -y @steipete/oracle which at runtime fetches and executes the remote npm package (see https://www.npmjs.com/package/@steipete/oracle), meaning external code is fetched and run and it directly handles/sends the --prompt contents to ChatGPT—i.e., remote code controls agent prompts.