groove-admin-config
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and processing external data.
- Ingestion points: User-provided values from AskUserQuestion and existing configuration data from .groove/index.md.
- Boundary markers: Absent; inputs are interpolated into file templates without delimiters or ignore instructions.
- Capability inventory: The skill utilizes Write and Edit tools for file modification, and restricted Bash commands for git, github, and npx operations.
- Sanitization: There is no evidence of input validation or escaping for the user-supplied configuration keys or values.
- [EXTERNAL_DOWNLOADS]: The skill is authorized to use npx via bash, which can lead to the download and execution of packages from the npm registry during the configuration process or subsequent steps.
- [COMMAND_EXECUTION]: The skill defines a restricted set of bash commands (git, beans, gh, linear, npx, mkdir). These commands are consistent with the tool's administrative purpose and the author's infrastructure.
Audit Metadata