groove-work-compound

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Potential surface for indirect prompt injection. Evidence Chain:
      1. Ingestion points: The skill parses the 'full chat thread' (SKILL.md) to extract lessons and deferred items.
      2. Boundary markers: Absent; there are no delimiters or specific instructions to isolate user-generated content from the agent's logic.
      3. Capability inventory: The skill has permissions for Write, Edit, Bash(git:*), and calls various tools like /groove-utilities-task-create (SKILL.md).
      4. Sanitization: Absent; no validation or escaping is specified for content derived from the conversation before it is used in file updates or command parameters.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash(git:*) tool for version control operations and interacts with a suite of vendor-provided utilities such as /groove-utilities-memory-mistakes and /groove-utilities-memory-promises to maintain project state.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 09:04 AM