Skills
skills/autumnsgrove/groveengine/crane-audit/Gen Agent Trust Hub

crane-audit

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands such as gw gh pr view, gw gh pr diff, bun svelte-check, and tsc --noEmit. These commands are used to gather PR context and perform type validation on the code. They rely on variables like {number} and {package_path} derived from the PR context.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted data from pull request descriptions and code diffs. A malicious actor could embed instructions within a PR to influence the agent's audit report or bypass compliance checks.\n
  • Ingestion points: PR metadata and diff content retrieved via gw gh pr view and gw gh pr diff.\n
  • Boundary markers: None identified; the agent reads and processes the diff content directly.\n
  • Capability inventory: Execution of shell commands (bun, tsc) and directory navigation (cd) across all scripts.\n
  • Sanitization: The skill lacks explicit sanitization or filtering of the untrusted PR content before analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 28, 2026, 02:20 AM