homeassistant-n8n-agent
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions lead the agent to construct shell commands by interpolating user input directly into a `curl` command string within SKILL.md. This pattern is highly susceptible to command injection if the input contains shell-sensitive characters (e.g., semicolons, backticks, or pipes), potentially allowing an attacker to execute arbitrary code on the host system.
- [PROMPT_INJECTION]: The skill exhibits a significant attack surface for indirect prompt injection.
  1. Ingestion points: User-provided queries are used as the primary data source for the 'chatInput' field in the constructed shell command.
  2. Boundary markers: No delimiters or instructions are provided to the agent to treat user input as untrusted or to isolate it from the rest of the command string.
  3. Capability inventory: The skill leverages the host's shell to execute 'curl' commands.
  4. Sanitization: No sanitization, escaping, or validation mechanisms are implemented to ensure the user input does not break the shell command structure.
Recommendations
- AI detected serious security threats
Audit Metadata