Home Assistant Automation

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill defines automation logic that incorporates untrusted external data, creating a surface for indirect prompt injection.
  • Ingestion points: The skill processes 'Sensor data' and interpolates 'voice_intents' variables, such as the {temp} parameter in the climate control template, directly into service calls.
  • Boundary markers: There are no explicit delimiters or system instructions provided to ensure the agent ignores potentially malicious instructions embedded within sensor states or user-provided variables.
  • Capability inventory: The skill has the ability to execute high-privilege physical actions, including toggling security locks (lock.lock), managing alarm systems (alarm_control_panel.home), and accessing camera feeds (camera.snapshot) via the ha_service_call tool.
  • Sanitization: The skill lacks defined validation or escaping mechanisms for the data ingested from Home Assistant entities or voice command parameters.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 08:21 AM