skills/yangliu2060/smith--skills/grok/Gen Agent Trust Hub

grok

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run a local script (scripts/grok-call.sh) which invokes the user's local grok binary. This is the core intended functionality and is implemented with appropriate error handling and timeouts.
  • [DATA_EXFILTRATION]: User queries are transmitted to the external Grok service. To mitigate the risk of the external AI model attempting to access local secrets, the skill injects a mandatory instruction (filesystem boundary) into the prompt, explicitly forbidding the model from reading sensitive directories such as ~/.claude/, ~/.ssh/, or ~/.aws/.
  • [PROMPT_INJECTION]: The skill implements a robust defense against command injection by instructing the agent to save user queries to a temporary file via the Write tool. The execution script then reads this file as literal data using cat, rather than interpolating the text directly into a shell command, which prevents the execution of malicious sequences like backticks or variable expansion.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 07:28 PM
Security Audit — agent-trust-hub — grok