groove-work-spec
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill includes explicit instructions to sanitize inputs used for filenames, specifically targeting path traversal patterns like
../to prevent unauthorized file writes outside the intended directory. - [COMMAND_EXECUTION]: The skill allows the use of the
Bashtool but restricts its usage togit:*commands, which effectively limits the potential for arbitrary code execution. - [PROMPT_INJECTION]: The skill processes external data from the codebase and configuration files, creating a surface for indirect prompt injection. However, the requirement to interview the user for key decisions and the isolated context for writing the specification act as significant mitigations against automated exploitation.
Audit Metadata