Skills
skills/andreadellacorte/groove/groove-work-plan/Gen Agent Trust Hub

groove-work-plan

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by reading external codebase data to inform its decision-making and tool use.
  • Ingestion points: Processes codebase content using Read, Glob, Grep, and the Explore agent (SKILL.md).
  • Boundary markers: Absent; there are no specific delimiters or instructions to ignore potential commands embedded within the code being researched.
  • Capability inventory: Possesses Write, Edit, and restricted Bash permissions, and can call the /groove-utilities-task-create utility (SKILL.md).
  • Sanitization: Content from the codebase is not sanitized or validated before being incorporated into implementation plans or used as input for task creation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 09:04 AM