groove-work-review
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from git history and diffs.
- Ingestion points: The skill reads git log and git diff output to perform its primary analysis in SKILL.md.
- Boundary markers: There are no instructions to use delimiters or ignore embedded commands within the analyzed code.
- Capability inventory: The agent has the ability to modify files via Write and Edit tools and execute restricted shell commands via Bash(git:*).
- Sanitization: No sanitization of the input data from the git repository is performed.
Audit Metadata