ha-validate

Warn

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill interpolates the 'path' argument directly into multiple shell commands (e.g., find {{ path or '.' }}, grep ... {{ path or '.' }}) without sanitization. This creates a vulnerability where a malicious path string could be used to execute arbitrary shell commands on the host system.
  • [DATA_EXFILTRATION]: The skill explicitly targets and reads secrets.yaml, a sensitive file containing credentials and private data for Home Assistant. It extracts defined secret keys to verify usage, which could expose sensitive identifiers if the validation output is compromised.
  • [PROMPT_INJECTION]: The skill processes the content of local YAML files to generate validation reports, representing an indirect prompt injection surface.
    • Ingestion points: Reads local file content using find, grep, and Python file-reading operations on *.yaml files.
    • Boundary markers: No delimiters or protective instructions are used when passing file contents or validation errors to the agent for reporting.
    • Capability inventory: Access to Bash (including python3, docker exec, and ha CLI), Read, Grep, and Glob tools.
    • Sanitization: None. The skill does not validate or sanitize the path argument or the content of the files it processes.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 23, 2026, 01:27 PM