home-assistant-dashboards-cards
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (HIGH): High vulnerability to Indirect Prompt Injection (Category 8) because the skill ingests untrusted data from existing dashboard configurations and HACS searches which can contain hidden instructions. Evidence: Ingestion points include
ha_config_get_dashboardandha_hacs_search(SKILL.md). Boundary markers are absent in the workflow. Capability inventory includes high-impact actions likeha_config_set_dashboardandha_hacs_download. Sanitization of external content is not specified. - REMOTE_CODE_EXECUTION (HIGH): The mapping to
ha_hacs_downloadfacilitates the installation of third-party JavaScript modules from arbitrary GitHub repositories. These modules are executed in the user's session, creating a remote code execution vector if the agent is directed to a malicious repository via crafted metadata or user requests. - EXTERNAL_DOWNLOADS (MEDIUM): The skill promotes the download of unverified resources from HACS and GitHub, which are not included in the trusted source whitelist. This increases the risk of supply chain attacks within the Home Assistant environment.
Recommendations
- AI detected serious security threats
Audit Metadata