groove-work-audit
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: Analysis of the skill instructions and metadata revealed no malicious patterns, deceptive content, or unauthorized data exfiltration attempts. The requested tool permissions are consistent with the skill's primary auditing and code review purpose.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool restricted to git commands to analyze branch differences and gather context. This is a legitimate use of system commands for repository auditing and is limited in scope to prevent arbitrary execution.
- [PROMPT_INJECTION]: The skill processes external branch data and local configuration files. To mitigate injection risks, the skill includes explicit instructions to sanitize the topic argument by stripping path separators and traversal patterns like '../'. It also specifies that analysis should be run in an isolated context.
Audit Metadata