home-assistant

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly asks the agent to collect and store Home Assistant tokens/passwords and shows examples that embed those secrets verbatim into commands (curl Authorization headers, sshpass and python helper --password), requiring the LLM to handle and output secret values directly.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs runtime installation using a remote installer that downloads and executes code (wget -O
• https://get.hacs.xyz | bash -) to install HACS, which the skill treats as a required dependency for custom cards, so this URL fetches and runs remote code during runtime.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill includes commands that modify system state and require elevated privileges (e.g., sudo ufw firewall rules, editing authorized_keys/SSH access, running install scripts like wget | bash and add-on installs, and directives to read/write Home Assistant config paths), so it encourages privileged or state-changing operations on the host.