groundhog-surface

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes local environment tools 'gf' and 'gw' to perform read-only searches for project configuration files and git context.
  • [SAFE]: The skill contains explicit instructions to never modify the codebase, create features, or fix bugs, ensuring it remains a read-only observation tool.
  • [SAFE]: Persistence is confined to a local hidden directory ('.claude/') and the skill specifically recommends excluding this path from version control to prevent state collisions.
  • [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection by ingesting data from project configuration files.
      1. Ingestion points: Reads 'package.json', 'tsconfig.json', and 'wrangler.toml' in SKILL.md.
      2. Boundary markers: None used to delimit external content.
      3. Capability inventory: Limited to local file reading and writing to a session-specific ground file; no network or arbitrary code execution capabilities.
      4. Sanitization: No validation or escaping of ingested file content before being presented in the assumption map.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 28, 2026, 09:48 AM