groove-utilities-memory-log-daily
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool with a restricted scope (git:*) to fetch commit history and diffs for generating activity summaries. This use of shell execution is limited to the git binary and is necessary for the skill's core functionality.
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface by processing untrusted data from git logs and task descriptions to create summaries. Ingestion points: git diff output and task files. Boundary markers: Absent. Capability inventory: File system access (Read, Write, Edit) and restricted Bash (git). Sanitization: No explicit sanitization of the input text is mentioned. This surface is considered a standard risk for summarization tasks and does not indicate malicious intent.
Audit Metadata