home-assistant-esphome
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it ingests untrusted data from Home Assistant entities using tools like ha_search_entities.
  * Ingestion points: ha_search_entities and ha_get_device in SKILL.md.
  * Boundary markers: None.
  * Capability inventory: Local execution of the bundled gen_esphome_noise_psk.py script.
  * Sanitization: None.
- COMMAND_EXECUTION (SAFE): The skill executes a bundled script scripts/gen_esphome_noise_psk.py to generate 32-byte base64 keys. The script uses Python standard libraries and does not accept untrusted input that could lead to command injection.
Audit Metadata