digital-garden-cultivator

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE (flagged categories: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill includes instructions to bypass git pre-commit hooks using the command SKIP=... git commit in the troubleshooting section of SKILL.md. This encourages bypassing established security and quality validation filters.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface through its data processing workflow.
      • Ingestion points: The skill reads external data from garden.json files via the garden_metrics.py script.
      • Boundary markers: No delimiters or explicit instructions are provided to the agent to ignore potentially malicious content within the JSON files.
      • Capability inventory: The skill performs shell command execution via python scripts/garden_metrics.py.
      • Sanitization: No evidence of input validation or escaping for the data content is described in the provided files.
  • [COMMAND_EXECUTION]: The skill executes a local Python script garden_metrics.py using paths provided in the command line.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 11:26 PM