ghcrawl-cluster-operator
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill operates by executing various subcommands of the
ghcrawlCLI tool, such assync,refresh,embed, andcluster. These commands manage a local SQLite database and interact with external APIs. - [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because it ingests and processes untrusted data from GitHub issues and pull requests.
- Ingestion points: External data enters the system through the
ghcrawl syncandghcrawl refreshcommands, which fetch content from GitHub repositories (documented inSKILL.md). - Boundary markers: The skill instructions lack explicit boundary markers or delimiters to differentiate between system instructions and the content retrieved from GitHub.
- Capability inventory: The skill possesses the capability to execute shell commands and perform network operations via the
ghcrawlutility. - Sanitization: There is no evidence of sanitization or filtering of the fetched GitHub data before it is used for generating LLM summaries or embeddings.
Audit Metadata