graincrawl

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes standard development and build commands including go build, go test, go mod tidy, make smoke, and goreleaser check to manage the software lifecycle.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with the Homebrew package manager to install and verify the application from the author's own repository (vincentkoc/tap/graincrawl).
  • [DATA_EXFILTRATION]: While the skill manages local SQLite archives of note-taking data, it emphasizes 'read-only' boundaries for live profiles and the use of isolated temporary directories for all testing and verification tasks.
  • [PROMPT_INJECTION]: The skill ingests content from local project files which could theoretically contain instructions, representing an indirect injection surface.
  • Ingestion points: Local files such as README.md, AGENTS.md, and SPEC.md within the target repository.
  • Boundary markers: Not explicitly defined for the ingested file content.
  • Capability inventory: Extensive command execution capabilities including go, git, brew, and make.
  • Sanitization: No specific content sanitization is mentioned for the documentation files processed.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 11:28 PM
Security Audit — agent-trust-hub — graincrawl