Skills
skills/andreadellacorte/groove/groove-admin-install/Gen Agent Trust Hub

groove-admin-install

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches companion skills from official Vercel Labs repositories and the author's own repository to extend agent capabilities.
  • [COMMAND_EXECUTION]: Executes shell commands to manage repository structure, create symlinks for IDE platform integration (Claude and Cursor), and install dependencies via npx.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes repository-level configuration data which represents a surface for indirect prompt injection. * Ingestion points: Reads configuration from .groove/index.md. * Boundary markers: No explicit markers or warnings to ignore instructions within the config file. * Capability inventory: The skill has access to Bash, Write, Edit, Glob, and Grep tools. * Sanitization: No explicit sanitization or validation of the config data is mentioned before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 23, 2026, 09:04 AM