homeassistant-yaml-dry-verifier
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of a provided Python script (verify_ha_yaml_dry.py) to perform local analysis of Home Assistant configuration files.
- [EXTERNAL_DOWNLOADS]: The documentation references standard status badges and static images from trusted domains like github.com and img.shields.io.
- [PROMPT_INJECTION]: The skill processes user-controlled YAML configuration files, which represents a surface for indirect prompt injection.
  1. Ingestion points: Content is read from local YAML files in the user's config directory.
  2. Boundary markers: Absent.
  3. Capability inventory: The agent is instructed to refactor local YAML files based on findings.
  4. Sanitization: YAML scalar values are not sanitized before reporting.
- [SAFE]: The Python script utilizes PyYAML's SafeLoader to ensure that YAML parsing is restricted to safe types, preventing potential code execution via YAML tags.
Audit Metadata