ha-sunsynk-integration

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill includes explicit configuration fields and example commands that embed sensitive values (account password, inverter serial, and HA long-lived token) into YAML and curl requests, which would require the LLM to accept and reproduce secret values verbatim when generating configuration or commands.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs adding and installing the SolarSynkV3 add-on from the repository https://github.com/martinville/solarsynkv3 (fetches remote code that will be executed as a required add-on), so this URL is a runtime external dependency that results in executing remote code.