ha-custom-cards
Warn
Audited by Snyk on Feb 24, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and references explicitly instruct the agent to install custom cards programmatically from HACS over the Home Assistant WebSocket API (for example, the "hacs/repository/download" command with repository IDs, in the HACS Installation section and in references/reference.md). That path fetches community repositories, which are untrusted, user-generated content, and the skill also has the agent read dashboard configuration and system logs. Third-party text is therefore ingested directly into the agent's context, where it can materially influence which actions the agent takes and which repositories it installs.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill's Python snippet opens a runtime WebSocket connection to ws://192.168.68.123:8123/api/websocket, authenticates, and issues "hacs/repository/download" commands to install remote HACS repositories; that is, it executes remote actions and pulls in remote code, and the skill presents this as the required installation path for its custom cards. Note that 192.168.68.123 is an RFC 1918 private address, so the endpoint is a local Home Assistant instance rather than an internet host; the exposure is that the snippet hardcodes that host, authenticates to it over plaintext ws://, and lets whatever answers at that address decide which code gets installed.
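The following is an added example, not code from the audited skill or from Snyk, showing the two guard rails a practitioner would put in front of the installation path described in W011 and W012: refuse to send the access token over plaintext ws:// to anything but a loopback address (and insist on the /api/websocket path), and only issue "hacs/repository/download" for repository IDs on a fixed allowlist, so that text pulled from community repositories, dashboard config or logs cannot steer the agent into installing something else. The FakeHomeAssistant class is a constructed in-memory stand-in for Home Assistant's auth_required / auth / auth_ok handshake and id-correlated result messages so the exchange runs offline; the repository IDs, token and wss://ha.example host are placeholders, not real HACS repositories or instances.

```python
"""Guard rails (added example) for an agent driving HACS over the Home
Assistant WebSocket API.  Assumptions: the allowlist values, the token
and the fake server below are constructed placeholders."""
import ipaddress
import json
from urllib.parse import urlparse

HA_WS_PATH = "/api/websocket"
# Constructed placeholder allowlist of numeric repository IDs (HACS uses
# numeric IDs in "hacs/repository/download"); these are not real repositories.
ALLOWED_REPOSITORIES = frozenset({"111111", "222222"})


def check_websocket_url(url: str) -> tuple[bool, str]:
    """Return (ok, reason).  Plaintext ws:// is accepted only for loopback,
    because the auth message carries a long-lived access token."""
    parts = urlparse(url)
    if parts.scheme not in ("ws", "wss"):
        return False, f"unexpected scheme {parts.scheme!r}"
    if parts.path != HA_WS_PATH:
        return False, f"unexpected path {parts.path!r}, expected {HA_WS_PATH}"
    host = parts.hostname or ""
    if parts.scheme == "ws":
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            loopback = host == "localhost"
        if not loopback:
            return False, "plaintext ws:// to a non-loopback host exposes the access token"
    return True, "ok"


def build_download_command(msg_id: int, repository: str,
                           allowlist=ALLOWED_REPOSITORIES) -> dict:
    """Message shape the skill sends, gated by the allowlist.  Anything the
    agent read from third-party content is just a string here; if it is not
    on the allowlist the command is never built."""
    if repository not in allowlist:
        raise PermissionError(f"repository {repository} is not on the allowlist")
    return {"id": msg_id, "type": "hacs/repository/download", "repository": repository}


class FakeHomeAssistant:
    """Constructed offline stand-in for the HA websocket server."""

    def __init__(self, valid_token: str):
        self.valid_token = valid_token
        self.authenticated = False
        self.installed: list[str] = []

    def hello(self) -> dict:
        # First frame HA sends after connect; version value is a placeholder.
        return {"type": "auth_required", "ha_version": "0.0.0-fake"}

    def handle(self, raw: str) -> dict:
        msg = json.loads(raw)
        if not self.authenticated:
            if msg.get("type") == "auth" and msg.get("access_token") == self.valid_token:
                self.authenticated = True
                return {"type": "auth_ok"}
            return {"type": "auth_invalid", "message": "Invalid access token"}
        if msg.get("type") == "hacs/repository/download":
            self.installed.append(msg["repository"])
            return {"id": msg["id"], "type": "result", "success": True, "result": None}
        return {"id": msg.get("id"), "type": "result", "success": False,
                "error": {"code": "unknown_command", "message": msg.get("type")}}


def install_repositories(server, url: str, token: str, requested,
                         allowlist=ALLOWED_REPOSITORIES) -> dict:
    """Run the URL check, the auth handshake and the gated commands.
    Returns what was installed and what was refused, and never sends the
    token when the URL check fails."""
    ok, reason = check_websocket_url(url)
    if not ok:
        return {"connected": False, "reason": reason,
                "installed": [], "refused": list(requested)}
    if server.hello().get("type") != "auth_required":
        return {"connected": False, "reason": "unexpected greeting",
                "installed": [], "refused": list(requested)}
    reply = server.handle(json.dumps({"type": "auth", "access_token": token}))
    if reply.get("type") != "auth_ok":
        return {"connected": False, "reason": reply.get("message", "auth failed"),
                "installed": [], "refused": list(requested)}
    installed, refused = [], []
    for msg_id, repo in enumerate(requested, start=1):  # ids must increase
        try:
            cmd = build_download_command(msg_id, repo, allowlist)
        except PermissionError:
            refused.append(repo)
            continue
        result = server.handle(json.dumps(cmd))
        (installed if result.get("success") else refused).append(repo)
    return {"connected": True, "reason": "ok", "installed": installed, "refused": refused}


if __name__ == "__main__":
    # "999999" stands in for an ID the agent picked up from untrusted content.
    server = FakeHomeAssistant("constructed-token")
    print(install_repositories(server, "wss://ha.example/api/websocket",
                               "constructed-token", ["111111", "999999", "222222"]))
    print(install_repositories(FakeHomeAssistant("constructed-token"),
                               "ws://192.168.68.123:8123/api/websocket",
                               "constructed-token", ["111111"]))
```

Run against the skill's own address, the session is refused before the auth frame is ever built, so the token never crosses the wire; run against a TLS endpoint with one allowlisted and one unknown ID, only the allowlisted repository reaches "hacs/repository/download". The allowlist belongs in the skill's static files, not in anything the agent reads at runtime.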
Audit Metadata