graincrawl
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard development and build commands including
go build,go test,go mod tidy,make smoke, andgoreleaser checkto manage the software lifecycle. - [EXTERNAL_DOWNLOADS]: The skill interacts with the Homebrew package manager to install and verify the application from the author's own repository (
vincentkoc/tap/graincrawl). - [DATA_EXFILTRATION]: While the skill manages local SQLite archives of note-taking data, it emphasizes 'read-only' boundaries for live profiles and the use of isolated temporary directories for all testing and verification tasks.
- [PROMPT_INJECTION]: The skill ingests content from local project files which could theoretically contain instructions, representing an indirect injection surface.
- Ingestion points: Local files such as
README.md,AGENTS.md, andSPEC.mdwithin the target repository. - Boundary markers: Not explicitly defined for the ingested file content.
- Capability inventory: Extensive command execution capabilities including
go,git,brew, andmake. - Sanitization: No specific content sanitization is mentioned for the documentation files processed.
Audit Metadata