lunarcrush

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill adheres to secure configuration standards by managing API credentials through the LUNARCRUSH_API_KEY environment variable rather than hardcoded secrets.
  • [SAFE]: External API calls are directed only to the verified LunarCrush API domain (https://lunarcrush.com/api4) and use the system's proxied_get utility for enhanced security.
  • [PROMPT_INJECTION]: The skill features a surface for indirect prompt injection as it ingests and processes external social media data into the agent's context.
      • Ingestion points: Tools such as lunar_search_content and lunar_topic_posts in tools/topics.py fetch titles, bodies, and descriptions from external platforms (e.g., Twitter, Reddit).
      • Boundary markers: The skill does not implement delimiters or specific warnings to isolate untrusted external text from the agent's instructional context.
      • Capability inventory: The skill functions as a data provider and does not include tools for file system manipulation, persistent storage, or arbitrary code execution.
      • Sanitization: Content retrieved from the API is passed to the agent without filtering or sanitization for potential instructions hidden in the social media text.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 07:05 PM