home-assistant-best-practices
Warn
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches documentation and configuration data from Home Assistant's official GitHub repository (home-assistant/home-assistant.io). This is documented neutrally as it targets a well-known and reputable service related to the skill's primary purpose.
- [REMOTE_CODE_EXECUTION]: The skill provides instructions for writing custom JavaScript and registering it as a dashboard resource. This allows the agent to generate and execute arbitrary code within the client-side browser context of the Home Assistant dashboard.
- [DATA_EXFILTRATION]: The Visual Iteration Workflow suggests using browser automation tools to take screenshots of the Home Assistant dashboard. This facilitates the collection of visual data representing the entire state of the user's smart home, which is then processed by the agent.
- [COMMAND_EXECUTION]: The documentation references the command_line and shell_command integrations. These native features allow the agent to define or interact with sensors and actions that execute shell commands on the host system, providing a path for local command execution.