Was checking out your repo and ran it through Trustabl. A couple of things seemed worth mentioning - the scan found 2 findings, with 1 high and 1 medium severity. One pattern was that CrewAI tool fetches a caller-controlled URL, which might be an SSRF risk, and another is that Skill fetches untrusted external content.
Add Trustabl to your CI — trustabl/trustabl-action:
- name: Trustabl scan
uses: trustabl/trustabl-action@v1
Was checking out your repo and ran it through Trustabl. A couple of things seemed worth mentioning - the scan found 2 findings, with 1 high and 1 medium severity. One pattern was that CrewAI tool fetches a caller-controlled URL, which might be an SSRF risk, and another is that Skill fetches untrusted external content.
Add Trustabl to your CI — trustabl/trustabl-action: