groove-daily-end
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the 'find' command to check for markdown files older than 30 days for maintenance purposes.
- [COMMAND_EXECUTION]: The skill reads and executes actions from a local '.groove/hooks/end.md' file, providing a mechanism for post-workflow automation within the agent's restricted toolset.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes instructions from local configuration and hook files that can control agent actions.
  - Ingestion points: '.groove/index.md' and '.groove/hooks/end.md'.
  - Boundary markers: No specific boundary markers or instructions to ignore embedded commands were identified.
  - Capability inventory: The skill has access to restricted Bash (git/find), file reading, writing, and editing capabilities.
  - Sanitization: No explicit sanitization or validation of the hook actions was found.
Audit Metadata