awaken

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill does not contain any executable code or scripts that perform malicious actions. It focuses on providing a framework for interaction with existing, authorized systems while prioritizing the preservation of the substrate system's safety boundaries and permissions.
  • [COMMAND_EXECUTION]: The skill's procedure involves the use of the 'curl' binary to interact with external APIs. Evidence: Use of curl for sending POST requests to specific Home Assistant API endpoints such as '/api/services/scene/turn_on' and '/api/services/automation/trigger'.
  • [PROMPT_INJECTION]: As a framework for wrapping non-intelligent systems, the skill has an inherent surface for indirect prompt injection via the data it processes.
      * Ingestion points: Natural language user intents and state data read from the systems being 'awakened'.
      * Boundary markers: The procedure does not explicitly define delimiters or 'ignore' instructions for the data it processes.
      * Capability inventory: Shell command execution via curl for network operations.
      * Sanitization: The instructions do not specify any sanitization or validation of the input data before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 09:14 AM
Security Audit — agent-trust-hub — awaken