home-assistant
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): The skill transmits a sensitive Long-Lived Access Token to a user-configured URL. While necessary for Home Assistant communication, this creates an exfiltration vector if an attacker can influence the `HA_URL` configuration via prompt injection.
- [COMMAND_EXECUTION] (LOW): In `scripts/ha.sh`, JSON payloads are constructed using string interpolation (e.g., in the `on` and `climate` commands). This is vulnerable to JSON injection if entity IDs or parameters contain malformed JSON characters, though shell injection is mitigated by double-quoting.
- [PROMPT_INJECTION] (LOW): The skill has an indirect prompt injection surface.
  1. Ingestion points: Entity IDs and states read from the Home Assistant API in `scripts/ha.sh`.
  2. Boundary markers: Absent.
  3. Capability inventory: Network POST requests via `curl` to control smart home devices in `scripts/ha.sh`.
  4. Sanitization: Absent; untrusted entity data is interpolated directly into shell commands and JSON strings.
Audit Metadata