Garden

Security checks across malware telemetry and agentic risk

Overview

This is a local garden-record skill whose file-writing behavior is disclosed and scoped, though users should be aware it may save garden notes from broad conversational triggers.

Install only if you want a local persistent garden notebook. Ask the agent to preview entries before saving, and periodically review ~/garden for records you did not intend to keep.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (7)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The 'When to Use' section is broad enough that the skill could activate for many general gardening discussions, causing the agent to enter persistent-memory workflows without a clearly bounded user request. In a file-writing skill, overly permissive activation increases the chance of unintended reads, writes, or setup prompts during casual conversation.

Vague Triggers

High
Confidence
96% confidence
Finding
The setup text says that user engagement with the skill 'implies interest' and instructs the agent to 'start helping them naturally,' which treats general interaction as consent for setup-related actions. Because the skill manages local files in ~/garden, this ambiguous implied-consent model can lead to unintended file creation, reading setup instructions, or initiating stateful behavior without explicit permission.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The workflow explicitly instructs the agent to update a plant's health history, which is a state-changing file write, but it does not require notifying the user or obtaining confirmation before modifying stored records. In a memory-backed skill, silent writes can create unexpected persistence, inaccurate records, or privacy/trust issues if observations or diagnoses are logged without the user's clear consent.

Vague Triggers

Low
Confidence
84% confidence
Finding
The supported query phrases are broad, natural-language triggers that could match ordinary conversation and unintentionally activate the skill. In an agent environment, this can cause the system to load garden files, infer dates, and generate plans when the user did not explicitly request this skill, creating misrouting and unintended data exposure within the garden context.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The setup instructs the agent to determine broad activation conditions such as helping whenever the user mentions plants, which can cause the skill to trigger outside clearly intentional invocation. This creates a real risk of over-collection, unintended memory writes, or behavior changes in conversations that only incidentally reference gardening topics.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The instruction to log garden activity whenever the user 'mentions garden activity' is overly broad and can trigger writes from casual conversation rather than explicit save requests. In a memory-writing skill, this can cause unintended persistence of inaccurate, sensitive, or speculative information, especially if the user is discussing possibilities, plans, or past events rather than asking to record them.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill directs automatic appending to monthly logs and updating harvest records without any warning, confirmation, or review step. This creates a data integrity and privacy risk because the assistant may silently modify persistent files based on ambiguous user statements, making accidental or misleading records hard to detect and correct over time.

VirusTotal

66/66 vendors flagged this skill as clean.
