ha-validate-dashboards
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection through the ingestion of untrusted external data.
- Ingestion points: In references/validation-reference.md, the skill implements logic to fetch and analyze Home Assistant error logs (/api/error_log) and read browser console messages (claude-in-chrome/read_console_messages).
- Boundary markers: The instructions do not include specific delimiters or "ignore embedded instructions" warnings when processing the text retrieved from these external sources.
- Capability inventory: The skill possesses the capability to perform network operations via requests and websocket-client, as well as file-writing capabilities for dashboard backups in SKILL.md.
- Sanitization: While the skill uses regex to parse logs for specific components, it does not sanitize or escape the content of the error messages or console logs before they are processed by the agent.
Audit Metadata