graincrawl
Warn
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's metadata defines an installation step that fetches a Go module from an external GitHub repository (
github.com/vincentkoc/graincrawl/cmd/graincrawl@latest). This installs a binary from a non-established source into the execution environment. - [COMMAND_EXECUTION]: The skill instructs the agent to run various shell commands using the installed
graincrawltool. This includes the ability to execute arbitrary SQL queries against local data, which could be misused if input is not properly handled. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external data from notes and transcripts.
- Ingestion points: Data is retrieved from local archives via the
search,notes,note get,transcripts get, andpanels getsubcommands. - Boundary markers: The instructions do not include specific delimiters or warnings to ignore potentially malicious instructions embedded within the notes or transcripts.
- Capability inventory: The agent has the capability to execute shell commands and perform network synchronization through the
graincrawltool. - Sanitization: There is no evidence of content sanitization or validation before the data is processed by the agent.
Audit Metadata