Skills
skills/curiositech/some_claude_skills/fancy-yard-landscaper/Gen Agent Trust Hub

fancy-yard-landscaper

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFENO_CODECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [NO_CODE]: The skill does not contain any executable scripts, Python code, or Node.js logic. It consists entirely of informational and instructional markdown files.
  • [COMMAND_EXECUTION]: The skill's configuration enables the Bash tool. For a lifestyle and landscaping skill, providing access to a shell environment represents an unnecessary expansion of privileges that could be leveraged if the agent is subverted.
  • [PROMPT_INJECTION]: The skill has a notable indirect prompt injection surface.
  • Ingestion points: Untrusted data enters the context through user-provided yard photos and property descriptions as part of the 'Photo Documentation Guide' (SKILL.md).
  • Boundary markers: The instructions do not include delimiters or specific 'ignore embedded instructions' directives to prevent the agent from obeying commands hidden in analyzed content.
  • Capability inventory: The agent has access to powerful tools including Bash, WebFetch, Write, and Edit.
  • Sanitization: There is no evidence of input validation or sanitization instructions to handle external content safely before it is processed by high-capability tools.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 08:57 PM