tesla-fleet-api
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill setup process involves downloading the tesla-http-proxy tool from the official Tesla Motors GitHub repository (github.com/teslamotors/vehicle-command) to handle vehicle command signing.
- [COMMAND_EXECUTION]: The start_proxy.sh script executes the downloaded tesla-http-proxy binary in the background to act as a local signing service.
- [COMMAND_EXECUTION]: tesla_fleet.py uses os.execv to dynamically route user commands to specific sub-scripts (e.g., command.py, vehicle_data.py) within the skill directory.
- [PROMPT_INJECTION]: The skill architecture includes an indirect prompt injection surface (Category 8).
  - Ingestion points: vehicle_data.py retrieves and displays data from the Tesla Fleet API, including vehicle display names and configuration metadata.
  - Boundary markers: Output formatting does not include clear delimiters or instructions for the agent to treat API-retrieved strings as untrusted data.
  - Capability inventory: The skill possesses significant capabilities, including the ability to unlock doors, honk the horn, and control vehicle charging/climate via command.py.
  - Sanitization: Content returned from the API is parsed and printed without additional sanitization or verification, which could allow maliciously crafted vehicle metadata to influence agent behavior.
Audit Metadata