home-assistant

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow and scripts (e.g., ha_get_automations.py, ha_search_dashboards.py, ha_get_trace.py, ha_get_entities.py) explicitly fetch and parse user-generated content from the external Home Assistant instance at https://ha.cullen.rocks (REST and websocket APIs), and SKILL.md requires using those live automations/dashboards/traces as examples to generate YAML and drive decisions, so untrusted third-party content could materially influence agent behavior.