The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill instructs the agent to download and execute a script directly from a remote server using a dangerous piped-to-shell command pattern.
Evidence: `wget -O
https://get.hacs.xyz | bash -inSKILL.md` under the HACS Setup section.
[EXTERNAL_DOWNLOADS]: The skill references several external domains and repositories that are not included in the trusted vendors list.
Evidence: Downloads from https://get.hacs.xyz.
Evidence: References to third-party repositories such as https://github.com/zigbee2mqtt/hassio-zigbee2mqtt.
[CREDENTIALS_UNSAFE]: The skill encourages the collection and use of sensitive authentication materials in ways that could lead to exposure.
Evidence: The 'Connection Setup' section explicitly requests the user's Long-Lived Access Token and HA URL.
Evidence: The skill provides examples using sshpass -p '<password>', which exposes passwords in the process list and command history.
[COMMAND_EXECUTION]: The skill relies on extensive use of system-level commands, including those requiring elevated privileges.
Evidence: Frequent use of ssh, curl, and bash for administrative tasks.
Evidence: Use of sudo for modifying firewall rules (e.g., sudo ufw allow ...).
[PROMPT_INJECTION]: The skill possesses a significant attack surface for indirect prompt injection due to its interaction with untrusted external data.
Ingestion points: The skill reads from /config/home-assistant.log and fetches entity states via /api/states.
Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are present to distinguish between system data and potentially malicious commands.
Capability inventory: The skill has broad capabilities including shell execution (ssh, cat, grep), file management, and network operations (curl).
Sanitization: There is no evidence of sanitization or validation performed on the data retrieved from logs or API responses before it is processed by the agent.

home-assistant