yao-chatgpt-crawler
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The orchestration scripts scripts/chatgpt_batch_crawl.mjs and scripts/chatgpt_browser_crawl.mjs execute the opencli command using spawn and execFileSync. These calls are implemented using argument arrays, which is a secure practice that prevents shell command injection.
- [SAFE]: The script scripts/test_entity_recognition.py performs dynamic loading of a local Python script, and scripts/chatgpt_browser_crawl.mjs executes a hardcoded JavaScript snippet in the browser via the opencli tool. Both operations utilize static, locally defined strings and paths that are consistent with the skill's intended crawler functionality.
- [SAFE]: No evidence of prompt injection, hardcoded credentials, or network exfiltration to unauthorized third-party domains was detected during the analysis.
Audit Metadata