homeassistant-ops
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- NO_CODE (SAFE): The referenced execution logic in scripts/ha_ops.js is missing from the provided files, preventing a code-level security audit.
- Indirect Prompt Injection (SAFE): The skill's design involves processing data from external APIs and backups, which creates a potential surface for indirect prompt injection, but no code was available to evaluate actual vulnerabilities.
  1. Ingestion points: Home Assistant API and local backups.
  2. Boundary markers: Not specified.
  3. Capability inventory: Calling HA services and modifying registries.
  4. Sanitization: Not specified.
- Data Exposure (SAFE): Tokens are managed via environment variables. Access to system backups is appropriate for the skill's stated operational purpose.