groom
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill extensively uses the `gh` (GitHub CLI) to perform repository management tasks, including listing issues, executing GraphQL mutations, and modifying milestones. These commands often interpolate variables like repository names and issue numbers directly into the shell context.
  - Evidence: `gh issue list`, `gh api graphql`, and `gh project item-add` are used throughout the workflow to audit and update the repository state.
  - Evidence: The skill uses the `open` command to launch the system's default web browser for viewing generated HTML dashboards.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from existing GitHub issues and local project documentation without explicit sanitization.
  - Ingestion points: Reads existing issue titles and bodies via `gh issue list` and project-specific vision statements from `vision.md` in Phase 1.
  - Boundary markers: None identified; the agent incorporates the retrieved issue content directly into its context for theme synthesis and strategic brainstorming.
  - Capability inventory: The skill possesses high-privilege capabilities including the ability to create, edit, and close GitHub issues, modify project boards, write to the local file system, and execute shell commands.
  - Sanitization: No evidence of escaping or instruction-filtering for content retrieved from existing issues or user-provided vision files.
Audit Metadata