home-assistant-entities-services
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to process and act upon data from Home Assistant entities, creating a surface where malicious device names, states, or attributes could influence agent behavior.
- Ingestion points: Entity discovery and state retrieval via
ha_get_overview,ha_search_entities, andha_get_stateinSKILL.md. - Boundary markers: Absent; there are no specific instructions to the agent to treat entity data as untrusted or to ignore instructions embedded in states/attributes.
- Capability inventory: High-impact tools including
ha_call_service,ha_set_entity, andha_rename_entityare listed in the tooling map inSKILL.md. - Sanitization: Absent; the skill workflow relies on current metadata and states without explicit validation or sanitization of the values before use in logic.
- [No Code] (SAFE): The skill consists exclusively of documentation and instructional markdown files. No executable scripts, binaries, or configuration files that trigger code execution are provided within the skill package.
Audit Metadata