Skills
skills/sundial-org/awesome-openclaw-skills/home-assistant/Gen Agent Trust Hub

home-assistant

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external data from a Home Assistant instance, which presents a surface for potential indirect prompt injection attacks.
  • Ingestion points: Entity states, attributes, and logbook entries are fetched via curl in scripts/ha.sh and used to inform agent actions.
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore potential commands embedded within entity names or state descriptions.
  • Capability inventory: The skill has the capability to perform network requests, read/write local files, and control physical hardware via HA service calls.
  • Sanitization: Data is parsed using jq to ensure valid JSON, but the content of the data is not sanitized for potential natural language instructions.
  • [COMMAND_EXECUTION]: The scripts/ha.sh CLI wrapper executes shell commands using curl and jq. It interpolates variables such as entity IDs and service names directly into these commands and JSON payloads.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 20, 2026, 07:52 PM