grok
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to run a local script (scripts/grok-call.sh) which invokes the user's localgrokbinary. This is the core intended functionality and is implemented with appropriate error handling and timeouts. - [DATA_EXFILTRATION]: User queries are transmitted to the external Grok service. To mitigate the risk of the external AI model attempting to access local secrets, the skill injects a mandatory instruction (filesystem boundary) into the prompt, explicitly forbidding the model from reading sensitive directories such as
~/.claude/,~/.ssh/, or~/.aws/. - [PROMPT_INJECTION]: The skill implements a robust defense against command injection by instructing the agent to save user queries to a temporary file via the
Writetool. The execution script then reads this file as literal data usingcat, rather than interpolating the text directly into a shell command, which prevents the execution of malicious sequences like backticks or variable expansion.
Audit Metadata