The Agent Skills Directory

[Data Exposure & Exfiltration] (SAFE): The skill references a secrets.yaml file (e.g., in examples/configuration.yaml and examples/secrets.yaml). While this file is designed to hold sensitive credentials like API keys and passwords, the provided version contains only generic placeholders (e.g., 'your-api-key-here'). The documentation in references/best-practices.md correctly advises users never to commit this file to version control.
[Indirect Prompt Injection] (LOW): Several components ingest data from external sources, creating a minor surface for indirect injection.
Ingestion points: Calendar events via calendar.get_events and weather data via weather.get_forecasts in examples/automations.yaml and examples/scripts.yaml.
Boundary markers: Not explicitly defined in the Jinja2 templates.
Capability inventory: The ingested data is interpolated into notification messages and Text-to-Speech (TTS) announcements.
Sanitization: The skill relies on standard Home Assistant template rendering; no custom sanitization logic is present to filter malicious strings within calendar event summaries or weather forecasts.
[Command Execution] (SAFE): The Python scripts scripts/check_config.py and scripts/validate_yaml.py perform static analysis on local files. They use yaml.safe_load() to prevent arbitrary code execution during parsing and do not perform any network operations or system-level changes.

homeassistant-config