ha-integration-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill fetches documentation and rule definitions from the home-assistant GitHub organization via curl and WebFetch. While the organization is not on the explicit trusted list, the requests are limited to Markdown files used for instructions.
- [REMOTE_CODE_EXECUTION] (LOW): The skill recommends that the user install an MCP server using 'npx -y @upstash/context7-mcp'. This involves executing remote code from a non-trusted npm package, although it is presented as a manual prerequisite for the user.
- [COMMAND_EXECUTION] (SAFE): Utilizes standard git and gh CLI tools to inspect local changes and fetch repository metadata, which is consistent with its purpose as a code reviewer.
- [PROMPT_INJECTION] (LOW): As a code review tool, the skill is inherently susceptible to indirect prompt injection (Category 8) because it ingests untrusted code from pull requests.
  - Ingestion points: Git diff output and local integration files.
  - Boundary markers: Absent; there are no specific delimiters or warnings used when passing code content to the agent.
  - Capability inventory: Includes subprocess execution (git/gh/curl), which could be manipulated if an injection succeeds.
  - Sanitization: No sanitization or validation of the reviewed code is specified before processing.