Skip to content

Noticed a few security patterns in your repo #19

Description

@joshua-trustabl

Was checking out your repo and ran it through Trustabl. A couple of things seemed worth mentioning - the scan found 2 findings, with 1 high and 1 medium severity. One pattern was that CrewAI tool fetches a caller-controlled URL, which might be an SSRF risk, and another is that Skill fetches untrusted external content.


Add Trustabl to your CI — trustabl/trustabl-action:

- name: Trustabl scan
  uses: trustabl/trustabl-action@v1

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions