home-assistant-dashboards-cards

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly includes HACS-related tooling (ha_hacs_search, ha_hacs_download) and references custom resources under /hacsfiles//.js, which involve fetching and installing community (user-generated) repositories—untrusted third-party content—into dashboards as part of its workflow.