groove-utilities-memory-log-git
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool but implements a restriction to only allow git-related commands (git:*). This is a strong security control that prevents the agent from executing arbitrary shell commands.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the repository's git history.
- Ingestion points: Data enters the agent's context through the outputs of 'git log', 'git status', and 'git diff' commands.
- Boundary markers: The template provided in 'templates/git.md' lacks explicit delimiters or instructions to the agent to ignore any commands or instructions that might be embedded within the git data.
- Capability inventory: The skill possesses extensive file system permissions (Read, Write, Edit, Glob, Grep), restricted shell access, and the ability to ask user questions.
- Sanitization: There is no evidence of sanitization, escaping, or validation of the git command outputs before they are written to the memory log files.
Audit Metadata