groom
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (`gh`) to list, create, and edit issues, milestones, and projects. It also employs standard shell utilities such as `find`, `cat`, `head`, and `mkdir` to analyze local project context. The `open` command is used to display a locally generated HTML visual dashboard.
- [EXTERNAL_DOWNLOADS]: The skill orchestrates sub-agents to perform web-grounded research and cross-repository investigation. These tasks target well-known technology organizations and utilize official GitHub APIs for data retrieval.
- [DATA_EXFILTRATION]: The skill reads project-specific metadata files like `project.md`, `CLAUDE.md`, and `.groom/retro.md` to establish context for the session. This data is processed locally to inform the grooming process and is not exfiltrated to unauthorized domains.
- [PROMPT_INJECTION]: The skill ingests external data from existing GitHub issues. While this constitutes an indirect prompt injection surface, the risk is mitigated by the skill's design, which requires multi-model consensus (`/thinktank`) and automated quality gates (`/issue lint`) before finalizing any output.
Audit Metadata