lunarcrush
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [DATA_EXFILTRATION]: The skill performs network requests to
https://lunarcrush.com/api4to retrieve social sentiment data. This is the primary function of the skill; however, the domain is not among the whitelisted developer service domains. - [PROMPT_INJECTION]: The skill processes untrusted content from external social media platforms, creating a surface for indirect prompt injection where malicious instructions embedded in social posts could influence the agent.
- Ingestion points: Untrusted social media posts and news summaries are retrieved in
tools/topics.pyandtools/creators.pyvia tools such aslunar_topic_postsandlunar_creator_posts. - Boundary markers: The skill does not implement explicit boundary markers or instructions to the agent to disregard commands within the fetched data.
- Capability inventory: Analysis of
lunarcrush.pyand thetools/directory indicates the skill does not have dangerous capabilities like file writing, command execution, or dynamic code evaluation. - Sanitization: No sanitization or filtering of the retrieved social content is performed before returning it to the agent.
Audit Metadata