ha-rest-api
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill handles sensitive long-lived access tokens used for Home Assistant authentication.
  - Evidence: Both `SKILL.md` and `scripts/ha_client.py` retrieve and use `HA_LONG_LIVED_TOKEN` from environment variables and shell profiles to populate Authorization headers for network requests.
- [COMMAND_EXECUTION]: The skill documentation encourages modification of shell profiles and utilizes shell sourcing commands.
  - Evidence: `SKILL.md` includes instructions to `source ~/.zshrc` and suggests adding multiple aliases and environment variables to the `~/.zshrc` file for persistent access.
- [PROMPT_INJECTION]: The skill documents an interface for Home Assistant template rendering, which creates a surface for indirect prompt injection or server-side template manipulation.
  - Ingestion points: The skill processes user-provided data or sensor values which may then be interpolated into API calls.
  - Boundary markers: None. There are no delimiters or warnings to ignore instructions within processed data.
  - Capability inventory: The skill can perform arbitrary HTTP requests to Home Assistant via `scripts/ha_client.py` (specifically `call_service`) and `curl` examples.
  - Sanitization: No sanitization or escaping is performed on data used to construct requests to the `/api/template` endpoint as documented in `references/api_endpoints.md`.
Audit Metadata