ha-websocket-api

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides standard documentation and code snippets for Home Assistant WebSocket API development. No malicious patterns or security risks were identified. All code samples follow Home Assistant's official development guidelines.
  • [PROMPT_INJECTION]: No prompt injection, role-play attempts, or instruction overrides were found within the skill's instructions or code comments.
  • [DATA_EXFILTRATION]: No unauthorized data exposure or exfiltration patterns were detected. Data retrieval is restricted to the internal Home Assistant state machine (hass.data) as expected for integration development.
  • [REMOTE_CODE_EXECUTION]: No remote code execution patterns, such as curl | bash or unsafe use of eval(), were found. The skill relies on standard Home Assistant core components.
  • [SAFE]: Potential surfaces for indirect prompt injection were evaluated.
      • Ingestion points: WebSocket message payload msg in api.py functions.
      • Boundary markers: Schema validation using the voluptuous library is explicitly used in the @websocket_api.websocket_command decorators.
      • Capability inventory: No high-risk capabilities such as subprocess spawning, file system writes, or arbitrary network access are present in the provided scripts.
      • Sanitization: Input validation is enforced via strict voluptuous schemas for all registered commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 01:36 PM