groove-utilities-task-create
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses authorized Bash tools (gh, linear, beans, npx) to interact with task management backends, which is the primary and intended function of the utility.
- [PROMPT_INJECTION]: Analyzed for potential indirect prompt injection surface. 1. Ingestion points: Reads configuration from .groove/index.md and task details from user input. 2. Boundary markers: Not explicitly required for this use case. 3. Capability inventory: Access to authorized CLI tools and file modification. 4. Sanitization: The risk is mitigated by the specific and limited scope of the command construction for task creation. The surface is consistent with the skill's utility and poses no significant security risk.
Audit Metadata