ghcrawl-cluster-operator

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill operates by executing various subcommands of the ghcrawl CLI tool, such as sync, refresh, embed, and cluster. These commands manage a local SQLite database and interact with external APIs.
  • [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because it ingests and processes untrusted data from GitHub issues and pull requests.
  • Ingestion points: External data enters the system through the ghcrawl sync and ghcrawl refresh commands, which fetch content from GitHub repositories (documented in SKILL.md).
  • Boundary markers: The skill instructions lack explicit boundary markers or delimiters to differentiate between system instructions and the content retrieved from GitHub.
  • Capability inventory: The skill possesses the capability to execute shell commands and perform network operations via the ghcrawl utility.
  • Sanitization: There is no evidence of sanitization or filtering of the fetched GitHub data before it is used for generating LLM summaries or embeddings.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 11:28 PM
Security Audit — agent-trust-hub — ghcrawl-cluster-operator