Skills
skills/nick-neely/homescout/homescout-ingest/Gen Agent Trust Hub

homescout-ingest

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Indirect Prompt Injection (LOW): The skill ingests untrusted data from local JSON/JSONL files (e.g., current.json, history/*.jsonl). Fields such as hostname, friendly_name, or notes in the scan output could be influenced by an attacker on the network to contain prompt injection payloads.
  • Ingestion points: current.json, history/*.jsonl, speedtests.jsonl via jq, rg, and awk commands.
  • Boundary markers: None. The instructions do not specify using delimiters or warnings to treat the data as untrusted.
  • Capability inventory: The skill uses subprocess execution for jq, rg, awk, and gzip. It does not perform network operations or file writes.
  • Sanitization: No sanitization or validation of the JSON string content is performed before the agent processes the tool output.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:41 PM