ha-integration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- General Analysis (SAFE): The skill consists of Python templates and Markdown documentation for creating Home Assistant custom components. The code structures provided for config flows, data coordinators, and sensor entities are standard boilerplate following official Home Assistant guidelines.
- Data Exposure & Exfiltration (SAFE): The implementation handles API keys and configuration data through the standard Home Assistant
ConfigEntrymechanism. There are no hardcoded credentials, and network operations are limited to a placeholder example for an API coordinator which is the intended purpose of the skill. - Unverifiable Dependencies (SAFE): The dependencies listed in the documentation (homeassistant, voluptuous, aiohttp) are the standard core libraries used for Home Assistant development and are considered trustworthy.
- Indirect Prompt Injection (LOW): As a development template, the code includes surfaces for ingesting external data (API responses). However, the template includes basic type validation (e.g., casting to float) and lacks high-privilege capabilities like command execution, rendering the surface area for injection attacks negligible.
Audit Metadata