skills/andreadellacorte/groove/skills/Gen Agent Trust Hub

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses npx to download and execute code from external sources. Specifically, the add command in commands/add.md executes npx --yes skills add <owner/repo>, where the repository path is a user-controlled argument. The install command in commands/install.md also executes npx skills add vercel-labs/find-skills to install the search backend.
  • [EXTERNAL_DOWNLOADS]: The skill fetches executable content and metadata from the npm registry and GitHub repositories during the installation and update processes (npx skills add, npx skills check).
  • [COMMAND_EXECUTION]: The skill relies on the Bash tool to perform system-level operations, including Git root detection via git rev-parse --show-toplevel and package management via npx.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by processing untrusted data from skill repositories and local configuration files.
      • Ingestion points: The skill reads repository paths from user input and configuration from .groove/index.md and skills-lock.json.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded instructions within processed skill data are specified.
      • Capability inventory: The skill possesses the ability to execute shell commands (npx, git), read and write files (skills-lock.json), and interact with the user.
      • Sanitization: There is no evidence of validation or sanitization of the <owner/repo> string before it is passed to the shell-executed npx command.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 06:04 PM