homeassistant-yaml-dry-verifier
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its parsing of Home Assistant YAML files. It extracts fields like 'alias' and 'id' and includes them in the output report provided to the agent. If these files contain malicious instructions, the agent may follow them during its mandatory refactoring phase.
- Ingestion points: The script
scripts/verify_ha_yaml_dry.pyreads and parses local YAML files using a custom loader. - Boundary markers: No delimiters or protective instructions are used to separate user data from the report structure.
- Capability inventory: The agent is instructed in
SKILL.mdto refactor the YAML files, which involves file-write operations. - Sanitization: There is no validation or escaping of the extracted YAML data before it is displayed.
Audit Metadata