groove-work-exec
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions do not contain any malicious patterns or security risks. It follows standard practices for reading local configuration and updating task backends.
- [COMMAND_EXECUTION]: The skill requests use of the Bash tool but restricts it to git commands (git:*), adhering to the principle of least privilege.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from local configuration files. While this is an attack surface, it is a standard requirement for the skill's purpose. Ingestion points: .groove/index.md; Boundary markers: None; Capability inventory: Write, Edit, Bash(git:*); Sanitization: None.
Audit Metadata