groove-work-work
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, hardcoded credentials, or unauthorized network activity were detected in the skill instructions or metadata.
- [COMMAND_EXECUTION]: The skill uses the Bash tool but restricts its scope to Git commands (git:*), which limits the risk of arbitrary command execution while allowing version control operations necessary for the task.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by reading configuration data from a local file.
- Ingestion points: Reads task-related settings from .groove/index.md.
- Boundary markers: No specific delimiters or safety instructions are defined for the ingested data.
- Capability inventory: The skill possesses file writing/editing permissions and the ability to execute git commands.
- Sanitization: No explicit sanitization or validation logic is present for the data read from the configuration file.
Audit Metadata