finishing-grove-workspace
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill automatically executes test commands (e.g., go test, npm test, pytest, make test) based on the presence of project marker files. While standard for a CI/CD or dev-wrap-up tool, this involves executing code defined within the repository.
- DATA_EXFILTRATION (LOW): Uses git push and the GitHub CLI (gh) to transmit local code and commit history to remote servers. This is an intended function of the skill but involves data transfer to external endpoints.
- INDIRECT_PROMPT_INJECTION (LOW): The skill extracts metadata from .grove/workspace.json and uses git commit messages to generate PR titles and bodies without explicit sanitization mentioned.
  - Ingestion points: .grove/workspace.json, git branch names, and git commit summaries.
  - Boundary markers: None specified for the interpolation of metadata into command strings.
  - Capability inventory: Shell execution of test runners, git push, gh pr create, and grove destroy.
  - Sanitization: None specified; the skill relies on the agent to safely handle the transition from untrusted string data to shell command arguments.
Audit Metadata