Skills
skills/hmbown/wizards-of-the-ghosts/sleep/Gen Agent Trust Hub

sleep

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill requires environment variables HA_URL and HA_TOKEN for Home Assistant integration. The setup instructions correctly advise verifying these in the active runtime and choosing low-risk targets for initial testing, which aligns with security best practices for credential management.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user input describing systems or processes to be suspended.
  • Ingestion points: User-supplied system/process/notification channel descriptions via the /sleep command.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the prompt template.
  • Capability inventory: The skill references Home Assistant (HA_TOKEN) and curl for potential integration actions, though the primary instructions focus on designing a plan.
  • Sanitization: No input validation or sanitization logic is described.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 27, 2026, 09:14 AM
Security Audit — agent-trust-hub — sleep