homeassistant-skill

Warn

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The installation process involves cloning from an untrusted GitHub repository (anotb/homeassistant-skill) or using an unverified package manager (clawhub).
  • COMMAND_EXECUTION (MEDIUM): The skill relies on shell-based interactions (curl, jq) to communicate with the Home Assistant API. If the agent incorporates user-provided entity IDs or attributes into these commands without strict validation, it could lead to command injection.
  • PROMPT_INJECTION (LOW): The skill has a significant indirect prompt injection surface as it reads state and history data from Home Assistant that may originate from untrusted sources.
      1. Ingestion points: README.md documents usage of api/states, api/history, and template evaluation.
      2. Boundary markers: None identified in the documentation.
      3. Capability inventory: Includes network requests (curl) and service execution (turning on devices, running scripts).
      4. Sanitization: No sanitization logic is documented to handle potentially malicious content within Home Assistant states.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 19, 2026, 09:36 PM