mcp-hass
Warn
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: MEDIUM
Flags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill uses `npx -y mcporter` to download and execute code from the npm registry at runtime, which bypasses local source review for the tool's logic.
- [COMMAND_EXECUTION]: Relies on shell commands for configuration (`mcporter config add`) and operation (`mcporter call`), granting the agent the capability to run system-level commands with variable arguments.
- [EXTERNAL_DOWNLOADS]: Fetches dependencies from the public npm registry and references documentation from the third-party GitHub repository `steipete/mcporter`.
- [PROMPT_INJECTION]: Indirect prompt injection surface identified through the ingestion of external data from the Home Assistant environment.
  - Ingestion points: The skill retrieves dynamic state information via `home-assistant.GetLiveContext`.
  - Boundary markers: No delimiters or specific instructions are provided to the agent to treat external data as untrusted.
  - Capability inventory: The skill has extensive control over smart home devices and can execute shell-based commands via `npx`.
  - Sanitization: No validation or escaping is applied to the data retrieved from Home Assistant before it is processed by the agent.
Audit Metadata