groove-groovebook-publish
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it ingests untrusted data from multiple sources and uses it to drive agent actions without sufficient isolation.
- Ingestion points: Data enters the agent's context through the `$ARGUMENTS` variable, the `.groove/index.md` configuration file, and interactive user prompts via the `AskUserQuestion` tool.
- Boundary markers: The skill lacks explicit delimiters or specific 'ignore instructions' markers when processing external data, which could allow malicious instructions in those inputs to influence the agent.
- Capability inventory: The skill utilizes powerful tools including `Bash(git:*)`, `Bash(gh:*)`, `Write`, and `Edit`, which could be exploited to perform unauthorized repository or filesystem operations if an injection occurs.
- Sanitization: The skill performs basic sanitization for filenames (slugification) and includes a dedicated step requiring the user to manually review and redact project-specific context before the final publication step.
Audit Metadata