groove-utilities-onboard
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security concerns were identified. The skill performs standard administrative tasks related to project documentation.
- [EXTERNAL_DOWNLOADS]: The generated GROOVE.md template includes a reference to the author's own package 'andreadellacorte/groove' via npx. This is considered a safe vendor-owned resource.
- [PROMPT_INJECTION]: The skill processes untrusted data from local files and user input to generate documentation, presenting an indirect injection surface that is inherent to its primary purpose.
  1. Ingestion points: reads '.groove/index.md' and accepts user-provided context.
  2. Boundary markers: Absent in the output templates.
  3. Capability inventory: Read, Write, Edit, and Glob tool usage.
  4. Sanitization: None applied to the interpolated values.