home-assistant-awtrix
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): According to references/AWTRIX_HTTP_FILESYSTEM.md, the script scripts/awtrix_fs.py dynamically creates a virtual environment and installs the Pillow package at runtime. Unverifiable dependency installation at runtime is a risk vector.
- [COMMAND_EXECUTION] (MEDIUM): The SKILL.md file provides a shell loop pattern for deleting icons that pipes output from a device list command directly into a shell loop. This creates a vulnerability to indirect prompt injection (Category 8).
  - Ingestion points: The script reads filenames from the AWTRIX device via GET /list?dir=/ICONS.
  - Boundary markers: Absent in the suggested shell loop.
  - Capability inventory: Shell execution (awk, while read), script execution (python3), and network operations.
  - Sanitization: Absent; filenames are processed directly, allowing metacharacters to potentially break out of the shell command.
- [EXTERNAL_DOWNLOADS] (LOW): The skill fetches icon thumbnails from developer.lametric.com, which is not a whitelisted domain.
- [DATA_EXFILTRATION] (LOW): The skill performs network operations to local IP addresses and external domains to move file data, which could be misused if target parameters are controlled by an attacker.
Audit Metadata