ha-automations
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The 'Agentic Optimizations' section in SKILL.md provides commands to use
greprecursively across theconfig/directory. This directory typically containssecrets.yamland other configuration files that store sensitive information such as API keys, passwords, and private network details. Following these broad search patterns may result in the accidental exposure of these credentials to the agent's context. - [EXTERNAL_DOWNLOADS]: REFERENCE.md contains examples of fetching media from external URLs, such as
http://example.com/sound.mp3. While standard for media players, this constitutes a network request to an external source. - [PROMPT_INJECTION]: The skill defines several surfaces for indirect prompt injection in REFERENCE.md:
- Ingestion points: Webhook triggers and Event triggers allow external, untrusted data to be processed by the system.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the examples provided.
- Capability inventory: The skill allows the agent to use
Read,Edit,Write, andGreptools, providing significant system access. - Sanitization: The documentation does not include sanitization or validation steps for data interpolated via Jinja2 templates (e.g., in variables or conditions), which could allow malicious external payloads to influence the agent's logic or command execution.
Audit Metadata