grove-multi-agent

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection vulnerability identified in Step 5. The skill interpolates external task descriptions directly into subagent prompt templates without boundary markers or sanitization.
      • Ingestion points: Tasks received from users or dispatching agents in Step 1.
      • Boundary markers: Absent; the description is embedded directly in the 'Your task' field.
      • Capability inventory: Subagents can execute shell commands, modify workspace files, and perform git operations.
      • Sanitization: No escaping or validation is applied to task content.
  • [COMMAND_EXECUTION]: The skill uses the 'grove', 'git', and 'gh' CLI tools to manage workspaces and pull requests. It dynamically constructs shell commands from user-provided inputs such as branch prefixes and task names; this is standard for its purpose but creates a command execution surface.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 25, 2026, 06:25 PM