home-assistant
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements secure credential management by requiring a Long-Lived Access Token to be provided via environment variables (HOME_ASSISTANT_TOKEN), preventing the exposure of sensitive secrets in the source code or logs.
- [PROMPT_INJECTION]: The skill presents a potential indirect prompt injection surface due to its role in fetching and processing external data from a Home Assistant instance.
  - Ingestion points: Data from the Home Assistant environment is ingested via get-states.ts, get-config.ts, and get-history.ts, which retrieve entity states, configuration, and historical records.
  - Boundary markers: The skill documentation and prompt instructions do not specify the use of delimiters to separate retrieved API data from the agent's instructions.
  - Capability inventory: The skill allows the agent to perform actions in the physical environment (e.g., controlling lights, locks, or thermostats) via call-service.js and fire-event.js.
  - Sanitization: While the scripts process data as structured JSON, they do not perform semantic analysis or filtering to prevent instructions embedded within entity attributes from influencing the agent's behavior.
Audit Metadata