The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
Ingestion points: Data is read from .groove/IDENTITY.md and the GitHub API (api.github.com).
Boundary markers: The content is output under markdown headers but lacks explicit 'ignore instructions' delimiters for the identity section.
Capability inventory: The skill has extensive system permissions including Bash (git, gh, npx), Read, Write, and Edit file access.
Sanitization: There is no evidence of sanitization for the content of IDENTITY.md or the API response before it is echoed to the agent context.
[EXTERNAL_DOWNLOADS]: The skill performs a network request to the GitHub API to check for updates. This is a standard update mechanism targeting the author's repository and is considered a neutral finding.
[COMMAND_EXECUTION]: The skill requests broad permissions for several Bash toolsets (git, gh, npx, linear). While these are not used maliciously within this specific skill, they provide the agent with significant system capabilities.

groove-utilities-prime